(Almost) any thank-you gift... just $5/month or more! GIVE NOW

Hacking hospitals: ransom notes and dark web chatter from health-care extortionists

Scott Tong May 14, 2020
Heard on:
HTML EMBED:
COPY
Dan Kitwood/Getty Images

Hacking hospitals: ransom notes and dark web chatter from health-care extortionists

Scott Tong May 14, 2020
Heard on:
Dan Kitwood/Getty Images
HTML EMBED:
COPY

Say you run a hospital, and you get hacked. You lose access to your patient database — say, the records for who has COVID-19 and how you’re trying to keep them alive — and the bad guys say if you pay, you’ll get your data back.

What do you do?

Increasingly, hospitals find themselves subject to ransomware attacks, according to warnings from the United States and United Kingdom governments, Google and Microsoft.

These facilities tend to be cybersecurity laggards, often running older Microsoft Windows software that the tech giant no longer supports. That makes them vulnerable, and the hackers know it. Hackers also know that hospitals have more at stake than ever during the coronavirus pandemic. In theory at least, hospitals are willing to pay up to keep their vital data intact.

At the center of these attacks is the ransom note, a number of which have been leaked online. What do they say? Some notes employ straightforward, just-the-facts prose.

AzoRULT ransom note. Source: Intsights

This one’s direct and transactional: Your files are locked. Here’s how you pay us to fix it. No one gets hurt.

Other notes strike analysts as more diabolical. Imagine the Joker, smirking behind the monitor, as he taps out this one. It’s from the March 2020 Netwalker attack on the Champaign-Urbana Public Health District in Illinois.

“Your heart rate has increased … move away from the computer and accept that you have been compromised.”

Netwalker ransom note. Source: Intsights

In the end, the hackers got $300,000 in ransom.

Then there’s the turn-up-the-pressure variety, threatening to inflict more pain on a hacked organization the longer it dillydallies. Below, the so-called Jigsaw attack group pastes in the image of the movie supervillain with the same name.

Jigsaw ransom note. Source: Trend Micro

“I want to play a game with you … every hour I select some of them to delete permanently.”

Jigsaw ransom note

The Jigsaw attackers threaten to delete more of the victim’s data as time goes by. Note the tick-tock timer in the bottom left.

In our reporting, we also came across a sampling of communication from the hacking underground, of tools and chatter among attackers and merchants. Experts tell us all the cybertools to carry out an attack are available to buy “off the shelf” on the dark web. No experience necessary.

One tool is a snappy-looking website that looks exactly like a popular URL but is actually meant to lure people into clicking a malicious link. This one’s a dead ringer for the popular Johns Hopkins COVID-19 site.

AZOrult malware. Source: Intsights

The dark web is also a meeting place for malware buyers, sellers and collaborators. This next message serves as a personals ad for villains. The person posting is seeking partners in crime, and he/she offers up a brief skill-set bio: Has access to networks. Can infect computers. Targets big and small companies. Offers a 50-50 split of the pot.

Dark web screenshot. Source: Intsights

This messenger even assumes a certain moral code, if you can call it that.

“Before you talk about ethics I’m not using ransomware on individual people I’m targeting large companies and government agencies.”

Finally, there’s an underground marketplace for data. Fraudsters steal individuals’ data and may offer to give it back for ransom, but sometimes they simply sell it online. For $20, this “merchant” offers what’s known as a fullz: an all-in-one package of name, address, date of birth, Social Security number and credit card data. $20. Click to Buy Now.

Hacked data for sale, screenshot. Source: Terbium Labs

We’re here to help you navigate this changed world and economy.

Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.

In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.

Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.

It’s a great day to invest in Marketplace at any level!

Donate $5/month or more today to get almost ANY thank-you gift.