September 29, 2023

Healthcare know-how large Siemens Healthineers stated it’s investigating a possible ransomware incident at considered one of its subsidiaries after claims of an assault had been made by the LockBit ransomware group.

Final week, LockBit added to its leak web site Varian — a radiation oncology therapies and software program maker acquired by Siemens Healthineers two years in the past.

A Siemens Healthineers spokesperson acknowledged the LockBit claims with out confirming information had been stolen, and stated the company has “complete measures in place to mitigate cybersecurity danger.”

“We’re conscious that information has been revealed on the LockBit web site. It alleges that the info is expounded to the Varian enterprise phase of Siemens Healthineers,” the spokesperson informed Recorded Future Information. Siemens Healthineers itself was spun off in 2017 from the namesake German conglomerate, which retains a 75 % stake.

“We now have activated our incident response protocol and have a devoted taskforce investigating the incident,” together with “inner and exterior specialists,” the spokesperson stated.

It’s unclear how a lot ransom LockBit seeks. The alleged assault on Varian was one in a sequence of current incidents involving healthcare organizations based mostly within the U.S.

On Thursday, the gang added United Medical Facilities to its leak web site. The healthcare facility, positioned in Southwest Texas on the U.S.-Mexico border, didn’t reply to requests for remark however introduced points with its community two weeks in the past.

Officers stated they had been “experiencing technical difficulties” with their community and had been “actively addressing the problem to revive regular operations as swiftly as attainable.”

“We need to reassure you that regardless of the community disruption, a few of our suppliers are nonetheless obtainable and dealing diligently to proceed offering important medical providers to our sufferers,” they stated on July 27.

LockBit on shaky floor?

The most recent LockBit postings come as cybersecurity specialists are questioning the cybercrime group’s operational power after the discharge of a bombshell report from Jon DiMaggio, chief safety strategist at Analyst1.

In a followup to his earlier report on the ransomware gang, DiMaggio stated he not solely infiltrated the group utilizing pretend personas however communicated with a number of gang members, associates and victims.

In line with DiMaggio, LockBit’s management vanished and was unreachable over the primary two weeks of August earlier than resurfacing on August 13.

On account of points with its backend infrastructure and obtainable bandwidth, the group is struggling to publish the info it steals throughout assaults, DiMaggio stated. LockBit is basically pressuring victims to pay ransoms purely off of its repute as probably the most prolific ransomware group at present working, he stated.

“Associates are leaving LockBit’s program for its rivals. They know that LockBit is unable to publish giant quantities of sufferer information, regardless of its claims,” DiMaggio defined.

“Moreover, it takes them days to weeks to evaluation the correspondence and reply to their affiliate companions. Some requests merely go unaddressed by the LockBit gang.”

DiMaggio added that the gang’s operation is degrading and has been “gradual to develop its infrastructure and growth wants” — inflicting associates to go away the group and be part of different ransomware organizations.

In June, the FBI arrested 20-year-old Russian nationwide Ruslan Astamirov for allegedly focusing on victims all over the world with the infamous LockBit ransomware. That arrest adopted the detainment of one other LockBit affiliate, Mikhail Vasiliev, in Canada final November.

Since rising in 2020, the gang has launched over 1,400 assaults in opposition to victims within the U.S. and all over the world, issuing over $100 million in ransom calls for and receiving at the least tens of tens of millions of {dollars} in precise ransom funds, in keeping with the U.S. Division of Justice.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Study extra.

Jonathan Greig

Jonathan Greig is a Breaking Information Reporter at Recorded Future Information. Jonathan has labored throughout the globe as a journalist since 2014. Earlier than transferring again to New York Metropolis, he labored for information retailers in South Africa, Jordan and Cambodia. He beforehand lined cybersecurity at ZDNet and TechRepublic.