Agencies alert organizations to two destructive malware threats

Feb 28, 2022 - 02:06 PM
oig-fda-cybersecurity

The Cybersecurity and Infrastructure Security Agency and FBI Saturday urged U.S. organizations to take steps to detect and protect against two malware threats used against organizations in Ukraine that can destroy computer systems and render them inoperable. One, known as WhisperGate and identified by Microsoft, displays a fake ransomware note but destroys targeted data so they are not recoverable even if a ransom is paid. The other, known as HermeticWiper, targets Windows devices and manipulates the master boot record, which results in boot failure. 

“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data,” the advisory notes. “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.”

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “As indicated in the advisory, we are primarily concerned about unintentional collateral damage from these destructive malware threats, which may impact U.S. health care. It is noted that these malware variants are insidious as they may target and spread through common enterprise-level applications including those designed to maintain network security, such as patch management systems and anti-virus software. The malware can also spread rapidly through email and instant messaging without any command from the hackers. 

“This alert provides particularly detailed mitigation procedures, which we strongly recommend organizations review and implement to the best of their ability. It is critical at this time of heightened threat to ensure the security, redundancy and resiliency of network backups among the many risk mitigation procedures outlined. We expect the increasingly severe economic sanctions targeting Russia will increase the likelihood of cyber retaliation against the West by the Russian government, their allied criminal hacking groups and other nation-state adversaries.” 

For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org, and see the recent AHA Cybersecurity Advisory.  
 

Related News Articles

Headline
Advisory details shifting tactics of Chinese cyber actors using covert networks for malicious activity
A joint advisory released April 23 from U.S. and international cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, FBI,…
Headline
FBI Co-deputy Director Andrew Bailey discusses current cyber and physical threats, rise of AI
FBI Co-deputy Director Andrew Bailey discussed a rise in cyber and physical threats impacting health care. He discussed health care as the top critical…
Headline
FBI: Health care was top target for ransomware, other cyberthreats in 2025 
Health care and public health was the top sector targeted for cyberthreats in 2025, according to the FBI’s latest annual report on internet crimes. There were…
Headline
Alerts warn F5 BIG-IP vulnerability being exploited for malicious activity 
The Cybersecurity and Infrastructure Security Agency released an alert March 27 on a vulnerability in F5 BIG-IP Access Policy Manager software that is being…
Headline
Alert warns of cyber actors using Telegram messaging app to push malware 
The FBI released an alert March 20 warning of a technique used by cyber actors working on behalf of the Iranian government to conduct malicious cyber activity…
Headline
CISA urges organizations to harden endpoint management systems following Stryker cyberattack
The Cybersecurity and Infrastructure Security Agency March 18 released an alert urging U.S. organizations to harden their endpoint management systems following…