The volume of suspected ransomware payments is likely to double this year and represent a “direct threat” to the US economy, says US Treasury Secretary Janet L. Yellen.
Yellen’s comments -peared in a recent Treasury Department report linking nearly $ 600 million in transactions with ransomware payments in Suspicious Activity Reports that financial services companies reported to the US in the first six months of 2021. Government submitted.
“Ransomware and cyber attacks are victimizing businesses large and small across America and posing a direct threat to our economies,” the report said.
Growing concern about cyber threats comes as a lawsuit alleging ransomware was responsible for a death in an American hospital.
In May 2021, hackers used a ransomware attack to extort a multi-million dollar ransom that disrupted the Colonial Pipeline and caused gasoline shortages in America.
“Other recent attacks have targeted various sectors including manufacturing, law, insurance, healthcare, energy, education and the food supply chain in the United States and around the world,” the Treasury Department report said.
The cybercriminals who launch ransomware are believed to be primarily from Russia and the former Soviet Union countries, with groups also operating in North Korea and Iran. The names of the hacker group are accordingly gloomy: DarkSide, REvil, BlackMatter and Evil Corp.
Analysts say the Russian groups do not operate at the behest of the Russian government, but rather as subsidiary wings.
“Like almost every large industry in Russia, [cybercriminals] operate with the tacit consent and sometimes explicit consent of security services, ”said Michael van Landingham, a former CIA analyst who heads consulting firm Active Measures LLC.
On September 1, the FBI issued a warning that ransomware attacks are targeting the US food and agriculture sectors, causing financial damage and affecting the country’s food supply chain.
Sure enough, in late September, New Cooperative Inc., an Iowa corn and soybean-owned agricultural cooperative, was hit by the BlackMatter ransomware group. The attackers asked the cooperative to pay $ 5.9 million for the decryption key and not to reveal the stolen data.
“The agricultural cooperative says the attack could seriously affect the public supply of grain, pork and chicken if they cannot bring their systems back online,” reports artstechnical.com.
President Joe Biden declared cybersecurity a global crisis last week and held a ransomware summit with 30 nations allied and friendly.
The president “campaigned for sanctions against allegedly ransomware-related cryptocurrency exchanges, formed a cryptocurrency fight against crypto-crime team at the Justice Department, urged companies to share information on cyberattacks, and called for government and private sector security to be rebuilt online,” reported Barrons.
And the attacks continue.
On Monday, one of the largest TV stations in the US said a ransomware attack had disrupted some of its networks, according to CNN.
Sinclair Broadcast Group Inc. was merged with Evil Corp. connected, according to two people familiar with the attack. Sinclair owns, operates, or services 185 television stations in 86 markets.
“Sinclair -pears to have been hit by Macaw ransomware, a relatively new strain that was first reported in early October,” Allan Liska, a senior threat analyst at cybersecurity firm Recorded Future Inc., told Bloomberg. “No other macaw victims have been publicly reported.”
One of the most disturbing developments in the cybercrime trend is the filing of a lawsuit in September alleging that a baby was killed while a hospital was dealing with ransomware.
An Alabama baby was born with a serious brain injury and eventually died of a missed care condition after a ransomware attack on their hospital, according to a lawsuit.
The lawsuit alleges that the hospital, Springhill Medical Center, failed to tell the mother that the hospital computers had failed due to a cyberattack and subsequently severely cut care when she arrived to give birth to her daughter.
This year alone, around 850 healthcare networks and hospitals in the US have been affected by ransomware, Allan Liska, ransomware analyst at cybersecurity firm Recorded Future, told NBC.
Some cybercriminal groups avoid hospitals on humanitarian grounds. However, there are some who make hospitals their special destinations.
Almost half of all US hospitals have disconnected their networks in the past six months due to escalating ransomware attacks, according to a new study by Philips and CyberMDX.
Ransomware attacks on hospitals during the height of the coronavirus pandemic last year were launched by “FIN12,” a group of suspected Russian-speaking criminals, cybersecurity firm Mandiant recently told the Washinton Times.
Kimberly Goody, Mandiant Director of Financial Crime Analysis, told reporters that FIN12 hits hospitals and moves faster than many other ransomware gangs holding computer systems hostage.
Cyber criminal Ryuk is also said to have specialized in attacks on US hospitals.
Additional reading: Latest Cyber Attack Targets: Hospitals, The Crime Report, Aug 18, 2021
Who are the next cyber criminals after REvil? The crime report, July 29, 2021
Nancy Bilyeau is associate editor of The Crime Report.