FBI: Conti Ransomware Targets Healthcare Facilities and First Responders
The FBI released a bulletin on May 21, 2021, warning of ransomware attacks targeting healthcare and first responder networks. The law enforcement agency said it had identified at least 16 incidents of Conti ransomware attacks that affected the networks of U.S. healthcare facilities and first responders, including 911 dispatchers, emergency medical services, law enforcement and municipalities.
Such attacks can delay access to the information emergency personnel need to respond quickly and safely to calls for service. When healthcare networks are compromised, it can cause patients to be rerouted to alternate facilities, delay procedures and expose sensitive information.
The FBI advised healthcare organizations and first responders to take immediate steps to mitigate the risk of such cyber attacks. Organizations need an effective backup strategy and a layered security approach to prevent ransomware from causing disruption to their vital operations.
Inside the Conti Ransomware
Almost 300 organizations in the U.S. have fallen victim to the Conti ransomware variant. As with most ransomware attacks, Conti encrypts the victim’s files and demands a ransom payment in exchange for the encryption key. But like a growing number of ransomware strains, Conti also steals the victim’s data prior to encryption and threatens to sell or publicly expose it if the ransom is not paid.
Authorities believe a Russian group known as Wizard Spider is behind the Conti ransomware. An attack begins when a user clicks on a malicious email link or attachment. The attackers commonly use links to Google Drive and attached Word documents with embedded scripts that launch the Emotet malware. Emotet has the ability to evade detection by older antivirus products and to spread throughout connected computer systems.
This gives the criminals access to the victim’s network, where they conduct reconnaissance and use common Windows tools to escalate privileges and move laterally among systems. They have been known to spend four to 21 days inside the victim’s network before exfiltrating and encrypting files.
Reducing the Conti Threat
The best thing any organization can do to reduce the threat of ransomware is to back up data regularly. Backup files should be “air gapped” (taken offline or otherwise isolated from the network) or copied to immutable storage. This prevents the backup files from being encrypted. Organizations should maintain at least three copies of mission-critical data on physically separate platforms, and regularly test backups to ensure the data can be recovered quickly.
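As an added example (not from the FBI bulletin or from GDS), the Python script below applies those backup rules to a set of copies: it requires at least three copies on distinct storage platforms with at least one air-gapped or immutable copy, and it performs a restore test by re-hashing every file in each copy against a manifest taken from the source. The copy layout (name, path, platform, isolated flag) and the sample data are constructed for the demonstration.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large backup archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root) -> dict[str, str]:
    """Map every file under root (relative path) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_copies(copies: list[dict], manifest: dict[str, str]) -> list[str]:
    """Check copies ({"name","path","platform","isolated"} each, hypothetical layout) and return findings."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; at least 3 required")
    if len({c["platform"] for c in copies}) < len(copies):
        findings.append("two or more copies share a storage platform")
    if not any(c["isolated"] for c in copies):
        findings.append("no copy is air-gapped or on immutable storage")
    for c in copies:  # restore test: hash what is actually on disk, not what the backup log claims
        actual = build_manifest(c["path"])
        for rel, expected in manifest.items():
            if actual.get(rel) != expected:
                findings.append(f"{c['name']}: {rel} is missing or altered")
    return findings

def demo() -> list[str]:
    """Constructed scenario: three copies, two on the same SAN, one overwritten in place."""
    base = Path(tempfile.mkdtemp())
    (base / "source").mkdir()
    (base / "source" / "ehr.db").write_bytes(b"patient records (constructed sample)")
    manifest = build_manifest(base / "source")
    layout = [("nightly", "san-a", False), ("weekly", "san-a", False), ("tape", "offline", True)]
    copies = []
    for name, platform, isolated in layout:
        path = shutil.copytree(base / "source", base / name)
        copies.append({"name": name, "path": path, "platform": platform, "isolated": isolated})
    # simulate the weekly copy having been encrypted in place by ransomware
    (base / "weekly" / "ehr.db").write_bytes(b"\x00encrypted\x00")
    return verify_copies(copies, manifest)
```

Running `demo()` flags the shared platform and the altered weekly copy; the nightly and offline tape copies pass the restore test.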
To protect the network, organizations should require strong passwords that are changed regularly, and use multifactor authentication wherever possible. The principle of least privilege should be applied, so that ordinary users cannot install software without administrator-level privileges. Administrator accounts should be audited regularly to ensure that their privileges are still appropriate.
Operating system and software patches and updates should be applied as soon as they are available. The network should be segmented and remote access ports disabled or monitored. User education is also important. Regular security awareness training can help users spot phishing scams and follow best practices.
How GDS Can Help
The security experts at GDS have extensive experience in the prevention, detection and mitigation of ransomware attacks. We help customers identify security gaps, enhance their backup systems and ensure that their environment is kept up to date. We offer a suite of security tools that work together to protect mission-critical systems, backed by around-the-clock monitoring and rapid incident response.
GDS has specific expertise in healthcare and first responder networks. We recognize the critical nature of your operations and take the steps necessary to maximize the availability and performance of your IT systems. Let us help you reduce the risk of a potentially devastating ransomware attack.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology-related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the Western Hemisphere within 48 hours.
- Support: When you need help, simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors, get one easy-to-read bill from GDS.