[German]The medical technology and health care company Fresenius has fallen victim to a ransomware attack. According to my information, it could be the snake ransomware. As a result, the company had to cut back some of its production.
Fresenius is a company registered as a SE & Co. KGaA in Germany. It’is a medical technology and health care company based in Bad Homburg vor der Höhe, Hesse, Germany. It is one of the largest private hospital operators in Germany and is also active in the pharmaceutical and healthcare services sector. Fresenius employs 300,000 people worldwide and holds a majority stake in the dialysis specialist Fresenius Medical Care.
(Source: Pexels Markus Spiske CC0 Lizence)
Ransomware attack on the IT systems
On May 6, 2020, it became known that Fresenius was the victim of a ransomware attack. I recognized it first on German IT site heise – see the following tweet.
#COVID19 Normalisierung auch bei Erpressungstrojanern. Eigentlich wollten die Kriminellen die Hersteller von lebenswichtigen Medizinprodukten verschonen. Der Fresenius Hack zeigt, das gilt nicht mehr. https://t.co/ov5NMhxToH
— Bernd Schöne (@schoenetexte) May 7, 2020
The health care and medical technology company Fresenius ‘reportedly detected infections with unspecified malware on company computers’. The company’s IT experts are trying to find a solution to the problem or to clean up the systems.
Production impaired, hospital operation not at risk
A company spokesperson told heise that ‘steps have been taken in accordance with an internally developed security protocol to prevent further proliferation’. This is associated with certain restrictions in production. According to the company spokesman, the care of patients in Fresenius’ hospitals and dialysis facilities is “always guaranteed”.
Subsidiary Fresenius Kabi with Snake-Ransomware infection
In this article, heise reported that the wholly-owned subsidiary Fresenius Kabi at its Norwegian site in Halden is infected by malware in its IT system. The term ransomware is used there. This is also confirmed in this article – the Norwegian article is not freely available.
During my research for this blog post I came across this article by Brian Krebs. Krebs was contacted on Tuesday by a reader who wanted to remain anonymous. The source told Krebs that a relative works for Fresenius Kabi’s US subsidiaries. This person had reported that computers in his company’s building had been disconnected from the network and that a cyber attack had affected every part of the company’s global operations.
The source named the snake ransomware as the source of the infection. This coincides with the statements of a security researcher in this tweet. The ransomware was first described in early January 2020, as I read in this McAfee document. The ransomware is used to blackmail large corporations.
Addendum: Bleeping Computer has here an article, saying that large scale Snake Ransomware campaign targets healthcare.
Cookies helps to fund this blog: Cookie settings