Inside the mind of a hacker: 10 things to know about motives, negotiations behind hospital IT attacks 

As cyberattacks on hospitals and health systems escalate, hackers and ransomware groups are getting more vocal about their demands and revealing details about their negotiation tactics. 

Ten things to know: 

1. In March, Swiss hacker Tillie Kottmann broke into San Mateo, Calif.-based security camera company Verkada and exposed live video surveillance feeds from hospitals including Daytona Beach, Fla.-based Halifax Health, Texarkana, Texas-based Wadley Regional Medical Center and Tempe (Ariz.) St. Luke's Hospital. 

2. Tillie Kottmann is just one of the hackers who claimed credit for the Verkada breach and told Bloomberg that they attacked Verkada to show how easy it is to break into video surveillance systems. They also said they were inspired to carry out the attack because of "lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it's also just too much fun not to do it." 

3. The REvil ransomware gang orchestrated a July 2 ransomware attack on IT management software company Kaseya, which has affected at least 200 companies in the U.S. REvil has demanded $70 million to unlock the company's IT systems.

4. When The Wall Street Journal reached out to REvil for comment on the ongoing attack, the publication was able to get ahold of the group through an intermediary, who told the Journal: "We don’t need a lot of noise. Only money."

5. The Ryuk ransomware gang is responsible for attacks on at least 235 U.S. hospitals and inpatient psychiatric facilities since 2018. Some of the group's most recent healthcare targets include King of Prussia, Pa.-based Universal Health Services, which lost $67 million from Ryuk's malware attack last September, and DCH Health System in late 2019. 

6. When it comes to negotiating over ransoms, Ryuk doesn't care that patients' lives could be at risk when attacking a hospital, ransomware recovery firm Coveware CEO Bill Siegel told the Journal in June. "Other groups you can at least have a conversation. You can tell them, 'We're a hospital, someone's going to die.' Ryuk won't even reply to that email," he said. 

7. Ryuk uses disposable webmail accounts to negotiate with victims and speaks with a "single, consistent voice, terse and to the point, and offering no hint of a personality," consultants who have negotiated with the hackers told the WSJ.

8. In June 2020, University of California San Francisco paid ransomware gang Netwalker $1.14 million after the cybercriminals locked down the university's medical school's computers. BBC News was able to follow the negotiations between UCSF and Netwalker in a live chat on the dark web, thanks to an anonymous tip, the publication said. 

9. Netwalker's website resembles a "standard customer-service website," and has a frequently asked questions tab and a live chat option, according to BBC News. The website also features a countdown timer that ticks down to a time when Netwalker either deletes the data they infected with malware or increases the price of the ransom. 

10. After logging into the website, UCSF was met with the following message from Netwalker on June 5: "Hi UCSF, don't be shy, we can work together on the current incident." Through a series of negotiating messages, Netwalker accepted UCSF's $1.14 million offer, which the university transferred in bitcoin to Netwalker's electronic wallets.


Copyright © 2023 Becker's Healthcare. All Rights Reserved.

