This week, ransomware hackers started their attacks on American hospitals.
Wiser after the 2016 experience, the USA was worried
about hackers attacking the November elections. Trickbot is a computer
virus, popular with top class hackers. The attacker can encrypt the files,
corrupt or lock the data, stop the functioning of the computers. Then the hacker
asks for a ransom to restore access. This can be done to disrupt elections,
distort or delay results.
Keeping that in mind, in September, Microsoft started
disabling Trickbot servers. To its surprise, Microsoft found the US cyber command
doing the same. (The two could have coordinated and made the operation more
efficient). Microsoft said more than 90% Trickbot servers were taken offline.
*****
This was like building a fence so as to prevent a burglar
from entering your house. Unfortunately, when you build a fence it hides the burglar
on the other side. By disabling the Trickbot servers, the cyber-detectives were
no longer able to detect the activity of the hackers. Not known if the hackers
behaved like wounded animals, and attacked the hospitals in retaliation. Or they
may be simply too desperate. There are limits to how low terrorists or crooks
can go. Many hijackers let women and children go before holding men hostage.
Reportedly, in March, there was a “gentleman’s agreement” among hackers not to
attack hospitals during the pandemic. That promise was broken this week.
*****
Healthcare hardware like MRI machines, ventilators,
microscopes are actually computers. Like our laptops, they come with software
that needs to be supported, updated and protected. Inertia makes many hospitals
continue with old software. That makes machines vulnerable to hackers’ attacks.
Such medical devices are dangerous for the patients. In September, a ransomware
attack on a German hospital resulted in the death of a woman seeking emergency
treatment.
*****
As usual, Russian hackers are named as the prime
suspects.
Earlier this month, UK confirmed the Russian attempts
to disrupt the 2018 winter Olympics as well as the 2020 Tokyo Olympics. The alleged
organizer was GRU unit 74455. GRU is Russia’s foreign military intelligence
agency. On Monday, 19 October, USA indicted six Russian military intelligence
officers for the Olympic plan as well as attacking a Pennsylvania hospital with
the “NotPetya” malware. Colloquially known as the “Sandworm team”, the GRU hackers
work from “the Tower”, the GRU head office in Moscow.
The US justice department in its 50-page indictment estimated
the total worldwide damage by “NotPetya” to be more than $10 billion, inflicted
on 300+ victims.
*****
This week’s affected hospitals have not been named by
the US government officially. However, Sonoma valley hospital (California), two
hospitals of St Lawrence Health system (New York) and Sky Lakes medical center
(Oregon) announced they were crippled by the cyberattacks. Computer systems had
to be shut down, ambulances diverted, surgeries delayed and several medical
records no longer available.
Hold security, a company that tracks online criminals,
reports one hacker saying “we expect panic” in Russian. Reportedly, the ransom
rates have gone much higher, in one case more than $5 million in bitcoins. (My article on bitcoins, if you don’t know what it means). Alex Holden, the founder of Hold
security said hackers use the traditional Russian formula of charging 10% of a
victim’s annual revenue. (In the old days, that percentage was donated to the
church.)
*****
Reports say the hackers plan to attack hundreds of
American hospitals, while America is busy with elections and their aftermath.
Unless urgent countermeasures are taken, the hospitals will not know which
virus to deal with.
Ravi
दुष्ट पणाचे नवनवीन प्रकार
ReplyDeleteAbsolutely terrifying
ReplyDelete