The Monti ransomware gang has claimed responsibility for a cyberattack on Wayne Memorial Hospital in Pennsylvania and has threatened to leak stolen data on Monday, July 8, 2024, unless their demands are met, according to Security Affairs. In a separate incident, the LockBit ransomware gang has added Fairfield Memorial Hospital in Illinois to their victim list and plans to leak stolen data on Wednesday, July 17, 2024, if their demands are not fulfilled.
Cybersecurity experts note that Monti has been operating since June 2022, following the shutdown of the Conti ransomware gang. The two groups share similarities, with Monti operators reportedly using Conti’s leaked source code for their encryptor. Furthermore, they have adopted similar tactics, techniques, and procedures (TTPs). Monti targets both Windows and Linux systems and regularly exposes company data on their leak site. The group’s methods have drawn significant attention from cybersecurity experts due to their mirroring of Conti’s operations.
In addition to Monti’s activities, LockBit has been active in targeting healthcare facilities. Recently, Croatia’s largest hospital was targeted in a cyberattack that led the hospital to shut down its IT systems for the entire day of June 27, 2024. Emergency patients were diverted to other hospitals, and staff had to use pen and paper to keep the hospital running. More than 100 experts worked to restore the hospital’s systems, and the hospital assured the public that patient safety was maintained throughout the incident. On July 1, LockBit claimed responsibility for the attack and demanded that a ransom be paid by July 18, 2024, under the threat of leaking sensitive data obtained during the breach.
The cyberattack on the Croatian hospital occurred one day after multiple cyberattacks on Croatian government entities. NoName057(16), a pro-Russian group, claimed responsibility for the attacks on the government entities, stating that the group targeted ‘Russophobic countries.’ The group, however, denied involvement in the Croatian hospital attack, citing their policy of refraining from targeting medical facilities.
On June 3, in yet another incident, Synnovis, a pathology service provider for London hospitals, fell victim to a cyberattack by the Qilin ransomware gang. The attack had a severe impact on the city’s blood supply, leading to the cancellation of thousands of appointments and procedures. Qilin later communicated with the British Broadcasting Corporation (BBC) via an encrypted chat service on June 19, criticizing the UK government for undervaluing “those who fight on the front edge of the free world.” Researchers have noted that Qilin has been actively recruiting hackers through Russian-language advertisements. On June 20, Qilin uploaded nearly 400GB of stolen data onto their leak site.
It is also worth noting that there is no definitive evidence that the Conti ransomware gang has rebranded as Monti, that Monti is a copycat, or that the organization represents a new ransomware variant. On February 24, 2022, one day after Russian President Vladimir Putin launched an invasion of Ukraine, Conti publicly declared their allegiance and support for the Russian invasion.
Before attributing every hospital cyberattack to Russia, it is crucial to understand that many ransomware gangs operate globally with affiliates worldwide. Law enforcement agencies have arrested Russian-speaking operators in various countries, including Belarus, Poland, and Ukraine. While several ransomware gangs have ties to Russia, it’s essential to distinguish whether attacks are politically motivated, driven by financial gain, or a combination of both.
Related article: [Perspective] When our cyber defenses bleed and supply chains fail
I remember the blood drives organized at our school. As students, many of us were excited to donate blood for the free sugary snacks we would receive afterward—and, of course, missing 3rd period history class. Back then, our biggest technological concerns were whether our flip phones had enough battery to last the day and if we had enough minutes left to call our friends.
Fast forward to today, and the contrast is stark and alarming. Hospitals in London are now urgently appealing for blood donations following a critical cyberattack. One hospital even circulated an internal memo asking staff with type O blood to donate. London, one of the most advanced cities in the world, is now appealing to its own hospital staff for blood donations due to the severity of a cyberattack. This underscores the heightened dependence on technology defining modern life.