Inside Russia’s notorious ransomware gang Trickbot

On October 24, 2020, the computer networks at Ridgeview Medical Center’s three hospitals went down, and the medical group turned to Facebook, posting to warn its patients about the outage. A local volunteer-run fire department said ambulances were being diverted to other hospitals; officials reported that patients and staff were safe. The downtime at the Minnesota medical facility was not a technical glitch. Reports quickly linked the attack to one of Russia’s most notorious ransomware gangs.

Thousands of miles away, just two days later, members of the Trickbot cybercrime group were privately gloating over how easy hospitals and healthcare providers were as targets. “Look how quickly hospitals and centers responded,” Target boasted in a message to one of their colleagues, a leading member of the Russia-linked malware gang. The exchange, contained in previously unreported documents seen by WIRED, is part of hundreds of messages sent between Trickbot members that detail the inner workings of the notorious hacking group. “The other’s answer, [take] sky. The answer flew in immediately from the ridge,” Target wrote.

As Target typed, Trickbot members were launching a huge wave of ransomware attacks against hospitals across America. Their goal: to pressure hospitals, already stretched by the surging Covid-19 pandemic, into paying ransoms quickly. The series of attacks prompted urgent warnings from federal agencies, including the Cybersecurity and Infrastructure Security Agency and the FBI. “Clinics in America this week,” Target said, as they gave instructions to begin targeting a list of 428 hospitals. “There will be panic.”

The documents seen by WIRED include messages between senior members of Trickbot, dated summer and fall 2020, and reveal how the group planned to expand its hacking activities. They expose the pseudonyms of key members and show the ruthless attitude of the criminal gang’s members.

The messages were sent in the months before and after U.S. Cyber Command took down most of Trickbot’s infrastructure and temporarily halted the group’s work. Since then, the group has expanded its business, evolved its malware, and continued to target businesses around the world. Although the FSB has recently arrested members of the REvil ransomware gang, following diplomatic efforts between Presidents Joe Biden and Vladimir Putin, Trickbot’s inner circle has so far remained relatively unscathed.

The Trickbot group evolved from the Dyre banking Trojan around the end of 2015, after members of Dyre were arrested. The gang has developed its original banking trojan into a general-purpose hacking toolkit: one module that operates like a plugin allows its operators to deploy the Ryuk and Conti ransomware, while other modules enable keylogging and data collection. “I don’t know of any other malware family with so many modules or extensions,” said Vlad Pasca, senior malware analyst at security firm Lifars, who has decompiled Trickbot’s code. This sophistication has helped the gang, also known as Wizard Spider, collect millions of dollars from victims.

A core team of about six criminals is at the heart of Trickbot’s operations, according to documents reviewed by WIRED and security experts who track the group. Each member has their own specialty, such as managing a coding team or leading ransomware deployments. The head of the organization is Stern. (As with all the nicknames used in this story, the real-world identity behind the handle is unknown. They are, however, the identities the group’s members use when talking to each other.)

“He’s the boss of Trickbot,” said Alex Holden, chief executive of cybersecurity firm Hold Security, who understands how the gang works. Stern acts like the CEO of the Trickbot group and communicates with other members at a similar level. They may also report to other unnamed people, Holden said. “Stern didn’t dabble in technology too much,” he said. “He wants reporting. He wants more communication. He wants high-level decisions.”
