The Health Sector Cybersecurity Coordination Center (HC3), which was created by the Department of Health and Human Services, recently warned healthcare providers about a “relatively unknown” ransomware gang that’s beginning to attack organizations in the healthcare sector.
HC3 issued an alert on a cybercriminal group called TimisoaraHackerTeam (THT). The group was discovered in July 2018 but has remained fairly incognito since then, the alert said.
THT appears to originate from Romania: it’s named after a Romanian city, and its source code looks like it was created by Romanian speakers.
Most ransomware groups build their own tools to encrypt victims’ data, but THT leverages legitimate software tools like Microsoft’s BitLocker and Jetico’s BestCrypt to deliver its malware. Ransomware gang DeepBlueMagic has also been known to use this tactic. The group is believed to have waged a cyberattack against Hillel Yaffe Medical Center, an Israeli hospital, in 2021. Some Chinese hacking groups, such as APT41, use this tactic as well.
THT could potentially have a relationship with these groups, according to HC3’s alert.
The gang unleashes its malware primarily through spam emails and email attachments. Organizations that fall victim to a THT attack will find that their files have been encrypted by ransomware, and they will receive a ransom note with payment instructions to help them recover their data.
A U.S. cancer center was hit with a THT ransomware attack this month, HC3 said. The incident “significantly reduced patient treatment capability,” took digital services offline, and put patients’ health and personal data at risk of exposure.
HC3’s alert pointed out that this attack demonstrates that THT doesn’t follow the same code of conduct that many hackers do, a code that stipulates ransomware attacks not be waged on hospitals and other healthcare providers. Another cyberattack on the healthcare sector, one suffered by a French hospital in April 2021, was also loosely attributed to THT because it used legitimate software tools to deploy malware.
“Little is known about the obscure group of hackers, but when its ransomware is deployed, their rarely used and very effective technique of encrypting data in a target environment has paralyzed the health and public health (HPH) sector,” HC3’s alert explained.
Healthcare providers should be wary of potential THT attacks and remember that they’re vulnerable due to their “high propensity to pay a ransom, the value of patient data and often inadequate security,” HC3 said.