The cyberattacks involve ransomware, which
scrambles data into gibberish that can only be
unlocked with software keys provided once
targets pay up. Independent security experts say
it has already hobbled at least five U.S. hospitals
this week, and could potentially impact
hundreds more.
The offensive by a Russian-speaking criminal
gang coincides with the U.S. presidential
election, although there is no immediate
indication they were motivated by anything but
profit. “We are experiencing the most significant
cyber security threat we’ve ever seen in the
United States,” Charles Carmakal, chief technical
officer of the cybersecurity firm Mandiant, said
in a statement.
Alex Holden, CEO of Hold Security, which
has been closely tracking the ransomware in
question for more than a year, agreed that
the unfolding offensive is unprecedented in
magnitude for the U.S. given its timing in the
heat of a contentions presidential election and
the worst global pandemic in a century.
The federal alert was co-authored by the
Department of Homeland Security and the
Department of Health and Human Services.
The cybercriminals launching the attacks use a
strain of ransomware known as Ryuk, which is
seeded through a network of zombie computers
called Trickbot that Microsoft began trying to
counter earlier in October. U.S. Cyber Command
has also reportedly taken action against Trickbot.
While Microsoft has had considerable success
knocking its command-and-control servers
offline through legal action, analysts say criminals
have still been finding ways to spread Ryuk.