European ransomware group strikes US hospital networks, analysts warn

An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic, cybersecurity company FireEye said Wednesday. The group, which FireEye calls UNC1878, has been deploying Ryuk ransomware and taking multiple hospital IT networks offline, said Charles Carmakal, senior vice president of Mandiant, FireEye’s incident response arm. “UNC1878 is one of most brazen, heartless and disruptive threat actors I’ve observed over my career,” Carmakal said. The group’s activity “is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers,” he said. The company did not detail any specific attacks, or the timing of the activity it says it observed. The announcement coincides with multiple reported ransomware incidents, including an attack earlier this week on Oregon’s Sky Lakes Medical Center. The medical center carried on with emergency and urgent … Continue reading European ransomware group strikes US hospital networks, analysts warn