The new standard in ransomware extortion tactics • The Register


Extortionists are now threatening to swat hospital patients – issuing bomb threats or other false reports to police so that heavily armed cops will show up at victims’ homes – if medical centers don’t pay the scammers’ ransom demands.

In November, after intruders broke into the computer network at Seattle’s Fred Hutchinson Cancer Center and stole medical records – everything from Social Security numbers to diagnoses and lab results – the miscreants threatened to go after the patients themselves.

The idea being, it seems, that these patients and the media coverage of any swatting will put pressure on the American hospital to pay up and stop the extortion. Other teams do the same when attacking an IT service provider: they don’t just extort the providers, they also threaten or further extort those providers’ customers.

“Fred Hutchinson Cancer Center was aware of the cybercriminals’ threat to strike and immediately notified the FBI and Seattle police, who notified local police,” a spokesperson told The Register today. “The FBI, as part of its investigation into the cybersecurity incident, also investigated these threats.”

The cancer center, which operates more than 10 clinics in Washington’s Puget Sound region, declined to respond to further comments about the threats.

Another health network in Oklahoma – Integris Health, which operates a network of 15 hospitals and 43 clinics – last month informed patients about a similar “cyber event” in which criminals may have accessed personal data. Shortly after, some of these patients reported receiving emails from miscreants threatening to sell their information on the dark web.

“While we work with third-party specialists to investigate this matter and determine the scope of the data involved and to whom this data relates, we are providing the latest information to patients and the public here,” a spokesperson for Integris told The Register.

“As we confirm affected individuals, we contact them to provide notification and support, including 24 months of access to free credit monitoring and identity protection services. As our investigation into this matter is ongoing, we are unable to provide additional information at this time.”

These types of boilerplate answers may not be as reassuring as some business types think. This latest swatting threat raises worrying questions about how far criminals are willing to go in their quest for loot.

“Ransoms have been allowed to reach lottery jackpot levels, and the predictable result is that people are willing to use increasingly extreme measures to collect payment,” Brett Callow, threat analyst at Emsisoft, told The Register.

Earlier this week, the security firm called for a ban on paying ransoms, noting that extortion tactics were becoming more extreme and now include threats of swatting.

“Unfortunately, I think it’s only a matter of time before cybercriminals start using actual violence to support cyber extortion,” Callow said. “Assuming you haven’t already, of course.”

Sam Rubin, vice president of Unit 42 Consulting at Palo Alto Networks, told The Register his team has not seen any swatting attempts from extortion teams in 2023, although a change in tactics seems likely.

“But I’m not surprised at all,” he added, regarding reports that cancer patients in Seattle might be receiving these types of threats.

“If you look over the last few years, we’ve seen a continued evolution in extortion tactics,” Rubin said. “If you go back in time, it was just encryption.”

Over the past year, Unit 42 has seen cybercriminals send threatening text messages to the spouse of a CEO whose organization was being extorted, Rubin added, increasing the pressure to secure payment. The advisory and incident response unit also saw criminals sending flowers to a victim company’s management team and issuing ransom demands via printers connected to the affected company’s network.

“We had another one where the victim organization decided not to pay, but the ransomware actors then harassed that organization’s customers,” Rubin said. “They came back to us and said they regretted the decision (not to pay) because of the impact on the threat actor’s reputation with their customers.”

These criminals, he added, are “trying to change the balance of levers to force this payment.”

At the same time, ransomware attacks against critical infrastructure, including hospitals, are becoming more frequent. Emsisoft reported 46 infections against US hospital networks last year alone, compared to 25 in 2022. In total, at least 141 hospitals were infected and at least 32 of the 46 networks had data stolen, including protected health information.

It’s bad enough that these attacks have diverted ambulances and postponed intensive care for patients, and now criminals are inflicting even more suffering on people. Last year this included leaking nude photos of breast cancer patients. Swatting seems to be the next step, albeit a heinous one. ®