Latest Updates on Conti Ransomware Hack: FBI Says 16 U.S. Networks Have Been Hacked This Year

The Federal Bureau of Investigation said last week that the international cyber-crime gang Conti, which attacked the Irish healthcare system last month, has also hit at least 16 U.S. medical and first responder networks in the past year.

According to the FBI, the Conti ransomware attackers blackmail victims by infiltrating a victim's network to steal sensitive information and confidential files. Conti actors gain access to personal information through email links, attachments or stolen Remote Desktop Protocol credentials.

Then, the hackers demand a ransom be paid or else the stolen data will be published on a public site controlled by the Conti actors.

Law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities are among the more than 400 organizations worldwide victimized by Conti, the FBI said. Over 290 of those organizations are located in the U.S.

These attacks can increase safety risks by slowing down real-time digital information and delaying calls to service and access to vital healthcare information that could affect treatments for patients.

Ireland's health service was hit by a Conti ransomware attack on May 14, locking many hospitals out of their computers and preventing health care workers from accessing patients' records, appointment booking and email systems.

The Health Service shut down its IT system as a precautionary measure to allow specialists to contain the ransomware and assess the damage.

There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.

— HSE Ireland (@HSELive) May 14, 2021

"It's widespread. It is very significant, and possibly the most significant cybercrime attack on the Irish State," Ossian Smyth, a state minister for procurement and eCommerce, told the national broadcaster RTE.

Then, the Conti hackers gave Ireland a decryption key to recover the compromised health system for free on May 21.

Conti told the Health Service Executive on its darknet website that it is "providing the decryption tool for your network for free," but the HSE "should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation."

Irish Health Minister Stephen Donnelly told RTE that no ransom has been or will be paid and that he was unsure why the decryption key was given to them.

"It came as a surprise to us," he said. "Our technical teams are currently testing the tool. The initial responses are positive."

As of May 28, some of Ireland's health services were experiencing issues and disruptions.

There has been a criminal cyber attack on our health service IT systems and we have shut them down as a precaution. This has caused disruption & we are working hard to keep services going. Thank you for your patience at this time. Get service updates here: https://t.co/pZ4bR8eKNN pic.twitter.com/yu1GxmDvxA

— HSE Ireland (@HSELive) June 1, 2021

This is the latest major ransomware attack affecting the United States. Last month, Colonial Pipeline said a cyberattack from the DarkSide hacker group forced it to freeze IT systems and that it "temporarily halted all pipeline operations." The shutdown affected fuel supplies and distribution in multiple states in the southeast United States.

Photo caption: Secretary of Energy Jennifer Granholm briefs reporters on the cyber attack on the Colonial Pipeline and the U.S. response during the daily press briefing at the White House on May 11, 2021 in Washington, DC. Granholm stated that the current gasoline situation due to the pipeline ransomware attack is a supply crunch and not a gasoline shortage and urged Americans to resist stocking up on fuel. The FBI said that 16 U.S. medical and first responder networks were attacked by ransomware cyber-crime gang Conti in the past year. Drew Angerer/Getty Images

Major meat producer JBS USA said it was the victim of a cyberattack over the weekend.

In a press release, the company said the organized hack affected its servers supporting its North American and Australian IT systems. The company said it took immediate action to suspend all affected systems, notify authorities and work with third-party experts to resolve the issues.

"The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation," JBS said. "Resolution of the incident will take time, which may delay certain transactions with customers and suppliers."

It is unclear who is responsible for the attack.

JBS told the White House they received a ransom demand from a criminal organization "likely based in Russia."

Deputy Press Secretary Karine Jean-Pierre told reporters on Air Force One Tuesday that the FBI is investigating the matter and the U.S. Department of Agriculture reached out to several major meat processors in the U.S.

@K_JeanPierre, briefing reporters on AF1, says meat producer JBS notified the WH on Sunday they've been victims of a ransomware attack from a "criminal organization likely based in Russia." FBI investigating & USDA reached out to several major meat processors in the US.

— Alexandra Jaffe (@ajjaffe) June 1, 2021