The Conti ransomware gang has carried out attacks on the networks of over a dozen U.S. healthcare and first responder organizations, including law enforcement agencies and emergency services, according to the Federal Bureau of Investigation (FBI).
In a TLP:WHITE flash alert issued Thursday and intended for system admins and security professionals, the FBI Cyber Division said:
“The FBI identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year.”
These 16 organizations are among over 400 organizations worldwide attacked by Conti, with over 290 of them located in the U.S.
According to the FBI, the Conti gang sets ransom amounts individually for each victim, with recent ones being as high as $25 million.
If a victim doesn’t pay the ransom within eight days, Conti follows up using Voice over Internet Protocol (VoIP) services (a tactic the Doppelpaymer gang also uses, for example) or encrypted email services.
The FBI urged organizations whose networks are hit by Conti ransomware to share information on the attacks, to help the agency prevent future attacks and identify the gang members.
Conti ransomware is a private Ransomware-as-a-Service (RaaS) likely operated by a Russia-based cybercrime group known as Wizard Spider. Unlike REvil and Avaddon, who chose not to target sensitive sectors, Conti chooses victims indiscriminately. Such attacks can have disturbing consequences for people:
“Cyberattacks targeting networks used by emergency services personnel can delay access to real-time digital information, increasing safety risks to first responders, and could endanger the public who rely on calls for service to not be delayed. [...] Targeting healthcare networks can delay access to vital information, potentially affecting care and treatment of patients including cancellation of procedures, rerouting to unaffected facilities, and compromise of Protected Health Information,” the FBI Cyber Division said.
The Conti gang has recently hit the networks of Ireland’s Health Service Executive (HSE) and Department of Health (DoH). The hackers demanded a $20 million ransom from the HSE.