Conti, a type of ransomware strain responsible for recently crippling Ireland’s health service, has been seen in past cyberattacks waged against similar targets in the U.S., the FBI warned this week.
In a flash alert published on its website Friday, the FBI said more than 290 organizations in the U.S. were “victimized by Conti” before it recently claimed Ireland’s Health Service Executive (HSE).
Without identifying any specific Conti victims in the U.S. or the consequences of the attacks, the FBI reported that several of the instances targeted networks relating to public health and safety.
“The FBI identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers and municipalities within the last year,” its cyber division said in the alert.
“These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S.,” the FBI alert said.
Conti, like most ransomware, “typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom payment from the victim,” the FBI explained in the alert.
“The ransom letter instructs victims to contact the actors through an online portal to complete the transaction,” the FBI Cyber Division said in the alert. “If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors. Ransom amounts vary widely and we assess are tailored to the victim. Recent ransom demands have been as high as $25 million.”
Colonial Pipeline Company, the operator of a massive gas pipeline in the U.S., was attacked earlier this month by a ransomware variant called DarkSide and said it ultimately paid around $4.4 million.
HSE, the provider of Ireland’s publicly funded healthcare system, later announced on May 14 that it was facing “a significant ransomware attack” and had taken all its systems offline as a precaution. The agency subsequently announced that it assessed the attack involved a variant of the Conti virus, and it said that a ransom had been sought but would not be paid “in line with state policy.”
More than a week later, HSE said in a statement issued Saturday that it was experiencing ongoing, “substantial” disruptions and that hospitals were still working to restore several priority systems.
“Hospitals are working to get priority systems back online including radiology and diagnostic systems, maternity and infant care, patient administration systems, chemotherapy and radiation oncology,” HSE said. Essential services, like blood tests and diagnostic services, are taking much longer to operate than usual, using manual processes, and increasing turnaround times for patients in our care.”
The flash alert about Conti was released in the meantime Thursday, and it was quickly made public by the American Hospital Association prior to being shared by the FBI on its website the next day.
The FBI reiterated that it does not encourage paying ransom and recommended several common cybersecurity best practices that can help defend networks against potential Conti ransomware attacks.
The FBI alert did not attribute Conti to any specific hacking group or another actor. It asked for past targets of the attacks to share with authorities any related information they may have to offer.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.