Agencies alert organizations to two destructive malware threats

Feb 28, 2022 - 02:06 PM
oig-fda-cybersecurity

The Cybersecurity and Infrastructure Security Agency and FBI Saturday urged U.S. organizations to take steps to detect and protect against two malware threats used against organizations in Ukraine that can destroy computer systems and render them inoperable. One, known as WhisperGate and identified by Microsoft, displays a fake ransomware note but destroys targeted data so they are not recoverable even if a ransom is paid. The other, known as HermeticWiper, targets Windows devices and manipulates the master boot record, which results in boot failure. 

“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data,” the advisory notes. “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.”

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “As indicated in the advisory, we are primarily concerned about unintentional collateral damage from these destructive malware threats, which may impact U.S. health care. It is noted that these malware variants are insidious as they may target and spread through common enterprise-level applications including those designed to maintain network security, such as patch management systems and anti-virus software. The malware can also spread rapidly through email and instant messaging without any command from the hackers. 

“This alert provides particularly detailed mitigation procedures, which we strongly recommend organizations review and implement to the best of their ability. It is critical at this time of heightened threat to ensure the security, redundancy and resiliency of network backups among the many risk mitigation procedures outlined. We expect the increasingly severe economic sanctions targeting Russia will increase the likelihood of cyber retaliation against the West by the Russian government, their allied criminal hacking groups and other nation-state adversaries.” 

For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org, and see the recent AHA Cybersecurity Advisory.  
 

Related News Articles

Headline
Agencies release guidance on hardening network devices in response to cyber espionage campaign by hackers linked to Chinese government
New guidance released yesterday by the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI informs health care and other…
Headline
Advisory warns of activity by BianLian ransomware group 
A joint advisory released Nov. 20 by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and international partners warns of…
Headline
DOJ: Russian national charged with cybercrimes for ransomware attacks on hospitals, other entities 
The Department of Justice Nov. 18 announced criminal charges against Evgenii Ptitsyn, a Russian national, for allegedly administering the sale, distribution…
Headline
UN Security Council meeting discusses impact of ransomware attacks on hospitals 
A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health…
Headline
AHA's Pollack breaks down role of hospitals in the future of health care on Pinkston podcast 
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…
Headline
Agencies provide cyberthreat updates and resources leading up to election 
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…