10 things to know about the motivations and negotiations behind cyberattacks on hospitals


As cyber attacks on hospitals and healthcare systems escalate, hackers and ransomware groups are increasingly making their demands heard and revealing details of their negotiating tactics.

Ten things to know:

1. In March, Swiss hacker Tillie Kottmann broke into San Mateo, Calif.-based security camera company Verkada and exposed live CCTV feeds from hospitals, including Daytona Beach, Florida-based Halifax Health, Wadley Regional Medical Center in Texarkana, Texas, and St. Luke’s Hospital in Tempe, Arizona.

2. Tillie Kottmann is just one of the hackers who claimed responsibility for the Verkada breach and told Bloomberg that they attacked Verkada to show how easy it is to break into CCTV systems. They also said they were inspired to carry out the attack because of “a lot of curiosity, the struggle for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.”

3. The REvil ransomware gang orchestrated a July 2 ransomware attack on IT management software company Kaseya, which affected at least 200 companies in the United States. REvil has asked for $70 million to unlock the company’s computer systems.

4. When The Wall Street Journal contacted REvil for comment on the ongoing attack, the publication was able to get hold of the group through an intermediary, who told the Journal: “We don’t need a lot of noise. ‘silver.”

5. The Ryuk ransomware gang has been responsible for attacks on at least 235 US hospitals and inpatient psychiatric facilities since 2018. Some of the group’s most recent healthcare targets include King of Prussia, Pa.-based Universal Healthcare Services, which lost $67 million from a Ryuk malware attack last September, and DCH Health System at the end of 2019.

6. When it comes to negotiating ransoms, Ryuk doesn’t care that patients’ lives could be in danger when they attack a hospital, Bill Siegel, CEO of ransomware recovery company Coveware, told the newspaper in June. “Other groups, you can at least have a conversation. You can tell them, ‘We’re a hospital, somebody’s going to die.’ Ryuk won’t even reply to this email,” he said.

7. Ryuk uses disposable webmail accounts to negotiate with victims and speaks in a “single voice, consistent, concise and precise, and offering no hint of personality,” consultants who negotiated with the hackers told WSJ.

8. In June 2020, the University of California, San Francisco paid the Netwalker ransomware gang $1.14 million after cybercriminals locked the university’s medical school computers. BBC News was able to follow the negotiations between UCSF and Netwalker in a live chat on the dark web, thanks to an anonymous tip, the post said.

9. Netwalker’s website looks like a “standard customer service website” and has a frequently asked questions tab and a live chat option, according to BBC News. The website also has a countdown timer that runs until a time when Netwalker either removes data infected with malware or increases the price of the ransom.

10. After logging into the website, UCSF received the following message from Netwalker on June 5: “Hi UCSF, don’t be shy, we can work together on the current incident.” Through a series of negotiation messages, Netwalker accepted UCSF’s $1.14 million offer, which the university transferred in bitcoins to Netwalker’s e-wallets.

