
Fri Jun 11, 2021, 09:32 PM

The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: 'They Do Not Care'

A ransomware attack on a national hospital chain nearly brought Las Vegas hospitals to their knees. Another attack in Oregon abruptly shut down alerts tied to patient monitors tracking vital signs. In New York, one county’s only trauma center briefly closed to ambulances, with the nearest alternative 90 miles away. Multiple attacks were carried out in recent months against U.S. hospitals, suspending some surgeries, delaying medical care and costing hospitals millions of dollars. The Wall Street Journal tracked the most disruptive attacks to one group: a notorious gang of Eastern European cybercriminals once called the “Business Club,” with ties to Russian government security services, according to threat analysts and former law-enforcement officials who closely follow Eastern European cybercrime operations.

Now known by many researchers as Ryuk, after its signature software, it is the most prolific ransomware gang in the world, accounting for one-third of the 203 million U.S. ransomware attacks in 2020, according to cybersecurity firm SonicWall. Ryuk ransomware collected at least $100 million in paid ransom last year, according to the bitcoin analysis firm Chainalysis. The group targets large organizations with deep resources, breaking into their networks and installing malicious software that locks every file on every computer with an encryption key, essentially an uncrackable password. Ryuk routinely extracts six- and seven-figure payments from victims in exchange for revealing the encryption key, according to security companies tracking the group.

The Ryuk gang has hit at least 235 general hospitals and inpatient psychiatric facilities, plus dozens of other healthcare facilities in the U.S. since 2018, when security researchers first spotted them, according to a Journal review of the attacks through interviews with hospital officials and security analysts, public statements and court documents. Hospitals are especially lucrative targets because many have lax cybersecurity controls, and the business of life and death is highly vulnerable to extortion. Some ransomware gangs avoid them over fears of killing people, or can be persuaded to turn over the encryption key when lives are at stake, according to people who have negotiated with the attackers. Not so with Ryuk.

(snip)

Security researchers say Ryuk grew out of the larger organization called the Business Club, whose leaders have been in a game of cat-and-mouse with U.S. authorities since at least 2007. The Business Club began by creating malware that could transfer money out of a consumer’s bank account by waiting until the victim logs in to their bank’s website and then secretly hijacking the connection. The Business Club splintered into two factions in late 2013 following a rift between the heads of the organization’s software-development division and its money-laundering operations, according to former FBI agent J. Keith Mularski, a managing director in Ernst & Young’s cybersecurity practice, who investigated the group. As banks evolved more robust defenses, both factions pivoted into ransomware. One group began signing their ransom demands as the fictional character Ryuk from the Japanese manga series Death Note. Others have called the gang variously the Trickbot Group, Wizard Spider, UNC1878 and Team9. Ryuk negotiates with victims using disposable webmail accounts and speaks with a single, consistent voice, terse and to the point, and offering no hint of a personality, according to consultants who have negotiated with the hackers.

(snip)

The U.S. government and international law-enforcement agencies have worked with private-sector technology firms to take down Ryuk’s “botnets”—the undulating mass of thousands or millions of hacked computers that the organization controls at any given time. On June 4, the Justice Department announced a 47-count indictment against seven alleged members of the organization for the electronic bank thefts that were the group’s mainstay before it moved to ransomware. One defendant, described by officials as a 55-year-old Latvian woman who used the screen name “Max,” was arrested in Florida while traveling in February. The identities of five Russian nationals and a Ukrainian defendant remain under seal.

And in 2019, the U.S. Treasury Department levied financial sanctions on alleged Business Club member Maksim Yakubets, saying he has been “working for the Russian FSB” since at least 2017 and in 2018 “was in the process of obtaining a license to work with Russian classified information from the FSB.” Mr. Yakubets, along with another alleged Business Club member, Evgeniy Bogachev, are wanted in the U.S., with a total $8 million in reward money offered for their capture. No contact information could be found for either man.

More..

https://www.wsj.com/articles/the-ruthless-cyber-gang-behind-the-hospital-ransomware-crisis-11623340215 (subscription)

2 replies, 1720 views

question everything Jun 11 OP
I_UndergroundPanther Jun 11 #1
dalton99a Jun 12 #2

Response to question everything (Original post)

Fri Jun 11, 2021, 10:49 PM

1. I hope the fuckers in this

ransomware gang get destroyed, all of them. And that their ransomware gets cracked and brings harsh justice to anyone involved with their shit. Fuck you Ryuk.



Response to question everything (Original post)

Sat Jun 12, 2021, 10:40 AM

2. "With ties to Russian government security services"
