Russian hackers, known as the Karakurt gang, have targeted at least four healthcare organizations in the last three months, the Health Sector Cybersecurity Coordination Center warned Aug. 24.
Five things to know about the group:
- The Karakurt gang emerged in late 2021 and likely has ties to the Conti ransomware group.
- The group steals data and threatens to auction it off on the dark web or release it to the public unless their demands are met.
- The ransoms range from $25,000 to $13 million in Bitcoin with deadlines often set to expire within just one week of the initial contact.
- Most recently, the group targeted Methodist McKinney (Texas) Hospital and two surgery centers. On Aug. 19, the group, tied to a ransomware attack against the hospital, revealed a plan to release the protected health information. The information stolen from the hospital includes 360 gigabytes of files with contracts, prescription scans, patient cards and financial information. The hackers also stole patient Social Security numbers and financial documents from the hospital.
- The HC3 recommends providers review security operations and leverage the recommendations outlined in the alert. The organization is also providing a complete list of Karakurt tactics, known vulnerability exploits and indicators of compromise.