The Cybersecurity and Infrastructure Security Agency and FBI Saturday urged U.S. organizations to take steps to detect and protect against two malware threats used against organizations in Ukraine that can destroy computer systems and render them inoperable. One, known as WhisperGate and identified by Microsoft, displays a fake ransomware note but destroys targeted data so they are not recoverable even if a ransom is paid. The other, known as HermeticWiper, targets Windows devices and manipulates the master boot record, which results in boot failure. 

“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data,” the advisory notes. “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.”

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “As indicated in the advisory, we are primarily concerned about unintentional collateral damage from these destructive malware threats, which may impact U.S. health care. It is noted that these malware variants are insidious as they may target and spread through common enterprise-level applications including those designed to maintain network security, such as patch management systems and anti-virus software. The malware can also spread rapidly through email and instant messaging without any command from the hackers. 

“This alert provides particularly detailed mitigation procedures, which we strongly recommend organizations review and implement to the best of their ability. It is critical at this time of heightened threat to ensure the security, redundancy and resiliency of network backups among the many risk mitigation procedures outlined. We expect the increasingly severe economic sanctions targeting Russia will increase the likelihood of cyber retaliation against the West by the Russian government, their allied criminal hacking groups and other nation-state adversaries.” 

For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org, and see the recent AHA Cybersecurity Advisory.  
 

Related News Articles

Headline
U.S. and international agencies Feb. 29 urged health care and other critical infrastructure organizations using Ivanti Connect Secure VPN and Ivanti Policy…
Perspective
The cyberattack against Change Healthcare that began on Feb. 21 is the most serious incident of its kind leveled against a U.S. health care organization.Nine…
Headline
Organizations using the National Institute of Standards and Technology’s Cybersecurity Framework as their primary cybersecurity framework report one-third…
Headline
President Biden Feb. 28 directed the Department of Justice to issue regulations to protect personal health and other data from countries known to collect and…
Headline
The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services Feb. 27 released updated recommendations to help…
Headline
Russian state-sponsored cyber actors are using compromised Ubiquiti EdgeRouters to facilitate malicious cyber operations worldwide, the FBI and other agencies…