
H-ISAC, Microsoft and Fortra fight ransomware in court



The United States District Court for the Eastern District of New York issued a court order on March 31 allowing Microsoft, Fortra, and the Health Information Sharing and Analysis Center to remove illegal copies of Cobalt Strike so that ransomware-as-a-service operations, such as Conti and LockBit, can't use them anymore.

WHY IT MATTERS

Old copies of Fortra’s Cobalt Strike, as well as Microsoft software, have been abused by cybercriminals in an effort to spread malware, including ransomware, according to Microsoft’s Digital Crimes Unit.

But with the court order, the companies will disrupt the malicious infrastructure of cybercriminals by working with the relevant internet service providers and computer emergency readiness teams to take it offline and sever the connection to the victim’s infected computer.

Amy Hogan-Burney, general manager of the DCU, said in a Microsoft blog post: “Breaking old cracked copies of Cobalt Strike would significantly hinder monetization of these illicit copies and slow down their use in cyber attacks, forcing criminals to reevaluate and change their tactics.”

She noted that “cracked” copies of Cobalt Strike have been used to launch sabotage attacks, such as those against the Government of Costa Rica and the Irish Medical Services Administration.

According to the story, Microsoft’s software development kits and APIs have also been abused in the malware encryption and distribution infrastructure that cybercriminals use to target and deceive victims.

The investigation behind the legal case covers detection, analysis, telemetry and reverse engineering, with additional data and insights from a global network of partners, including H-ISAC, Fortra and Microsoft’s threat intelligence team.

The partners also work with the FBI’s Cyber Division, the National Cyber Investigative Joint Task Force and Europol’s European Cybercrime Centre. The investigation uncovered malicious infrastructure in the United States, China, and Russia.

In addition to ransomware gangs, “we have observed threat actors acting in the interests of foreign governments, including from Russia, China, Vietnam and Iran, using cracked copies,” Hogan-Burney said.

The case also includes copyright claims against the malicious use of Microsoft’s and Fortra’s software code.

THE LARGER TREND

Attacks using abused copies of Fortra and Microsoft products have disrupted critical patient care services and cost hospital systems millions of dollars to recover and repair.

In 2021, the FBI warned that Conti ransomware attacks were targeting US healthcare organizations, gaining access to the network through weaponized malicious email links, file attachments or stolen remote desktop protocol credentials.

“Conti weaponized Word documents with embedded PowerShell scripts, initially staging Cobalt Strike through Word documents and then dropping Emotet into the network, giving attackers access to deploy ransomware,” the FBI said.

In February, LockBit was reported to have prioritized data theft and launched LockBit Green, which uses an algorithm based on Conti’s source code.

ON THE RECORD

“Ransomware families associated with or deployed by cracked copies of Cobalt Strike have been implicated in more than 68 ransomware attacks affecting health care organizations in more than 19 countries around the world,” Hogan-Burney said in yesterday’s post.

“As we have done since 2008, Microsoft’s DCU will continue its efforts to prevent the spread of malware by filing civil lawsuits to protect customers in the many countries around the world where these laws are applicable.”

Andrea Fox is the senior editor of Healthcare IT News.

Healthcare IT News is a publication of HIMSS Media.
