Conti Ransomware Gang Behind Ireland Attack Also Hit 16 U.S. Health and Emergency Networks

The same hackers that took down the Irish health system last week also hit at least 16 U.S. medical and first responder networks in the past year, according to a Federal Bureau of Investigation alert made public Thursday by the American Hospital Association.

As first spotted by the security news site Bleeping Computer, the FBI Cyber Division said these hackers used the strain of ransomware known as Conti to target law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities in the U.S. Ransomware is a type of malicious software that breaks into a victim’s devices and encrypts their files so cybercriminals can then extort payment in exchange for restoring access.

The FBI didn’t name specific victims of these breaches or whether ransoms were successfully extorted, saying only that these networks “are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S.” It added that the latest ransom demands have been as high as $25 million.

The hackers that crippled the Irish health system are reportedly part of “Wizard Spider,” a sophisticated cybercrime gang based in Russia that’s been increasingly active in the past year. The group’s threatened to release patient records unless Irish authorities fork over $20 million.

For the last week, this ransomware attack has cut off access to patient records, forced medical facilities to cancel appointments, and disrupted covid-19 testing in the nation. Ireland’s minister overseeing e-government, Ossian Smyth, has called it “possibly the most significant cybercrime attack on the Irish state.”