Security Alert: Trickbot Attacks Against Healthcare System Considered Imminent

November 11th, 2020
Security Alert from The Fulcrum Group

Our President, Steve Meek, was recently invited to join an HHS conference call, where the FBI, DHS, and HHS jointly released news warning of an "imminent and credible" ransomware threat against U.S. hospitals. The attackers are targeting the sector with "Trickbot" malware, which often leads to ransomware attacks, data theft, and the disruption of healthcare services.

A well-known security researcher and insider, "Krebs on Security," has cited one source who said the ransomware gang is targeting more than 400 hospitals, clinics and medical care facilities.

It appears a hospital in Oregon reported being offline due to the attack just before the call. The investigation into the malware has identified key "Indicators of Compromise" (IOCs), including a list of domains through which the malware is currently operating. There are additional reports of other facilities already hit in California and New York, but they are unknown to the public at this time.

How You Can Protect Yourself And Your Organization:

  1. Block known sites that provide functionality to the malware (IOC List)
  2. Inform employees of the threat and the increased need to stay highly diligent during this time
  3. Monitor endpoint detection on servers and workstations for changes in applications and running services; a stopped state is an IOC
  4. Monitor new account creations, especially those with administrator access
  5. Disallow use of personal email accounts
  6. Check that backups of critical data sets are current and stored offline
  7. Ensure Business Continuity Plans are up-to-date and readily available
  8. Be prepared to report all potential cyber incidents to FBI 24/7 CyberWatch Command Center (855-292-3937)
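
For item 1, blocking is worth pairing with a look back through DNS logs for hosts that already queried a listed domain. The Python below is an added example, not part of the original alert or the referenced IOC list; the log format (timestamp, client IP, queried name, whitespace separated) and every domain in it are constructed placeholders.

```python
# Added example: flag DNS queries that hit a domain IOC list.
# All domains and log lines here are constructed placeholders, not real IOCs.

def load_iocs(lines):
    """Normalize one-domain-per-line IOC text into a set of lowercase names."""
    iocs = set()
    for raw in lines:
        d = raw.split("#", 1)[0].strip().lower().rstrip(".")
        # Indicators are often shared "defanged"; undo the common form.
        d = d.replace("[.]", ".")
        if d:
            iocs.add(d)
    return iocs

def matched_ioc(qname, iocs):
    """Return the IOC that qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare on label boundaries so "notbad-c2.example" does not
    # match "bad-c2.example" the way a plain endswith() would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None

def scan_dns_log(log_lines, iocs):
    """Return (timestamp, client, qname, ioc) for each query on the list."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines instead of failing the scan
        ts, client, qname = parts[0], parts[1], parts[2]
        ioc = matched_ioc(qname, iocs)
        if ioc:
            hits.append((ts, client, qname.lower().rstrip("."), ioc))
    return hits

SAMPLE_IOCS = ["# constructed placeholders", "bad-c2[.]example", "Update-Check.example."]
SAMPLE_LOG = [
    "2020-11-11T08:01:02Z 10.0.4.17 www.hospital-portal.example",
    "2020-11-11T08:01:09Z 10.0.4.17 cdn.bad-c2.example.",
    "2020-11-11T08:02:30Z 10.0.7.3 notbad-c2.example",
    "2020-11-11T08:03:11Z 10.0.9.8 UPDATE-CHECK.example",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG, load_iocs(SAMPLE_IOCS)):
        print("IOC hit:", *hit)
```

Any client that appears in the output has already resolved a listed domain and should be triaged alongside the service and account checks in items 3 and 4.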

Current References:

HHS Bulletin: https://us-cert.cisa.gov/sites/default/files/publications/AA20-302A_Ransomware%20_Activity_Targeting_the_Healthcare_and_Public_Health_Sector.pdf

Krebs Article: https://krebsonsecurity.com/2020/10/fbi-dhs-hhs-warn-of-imminent-credible-ransomware-threat-against-u-s-hospitals/

Oregon Hospital: https://www.beckershospitalreview.com/cybersecurity/oregon-hospital-shuts-down-computer-system-after-ransomware-attack-4-notes.html

IOC List: https://gist.github.com/aaronst/6aa7f61246f53a8dd4befea86e832456