{"id":14348,"date":"2020-05-07T23:12:45","date_gmt":"2020-05-07T21:12:45","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14348"},"modified":"2024-10-05T23:05:11","modified_gmt":"2024-10-05T21:05:11","slug":"fresenius-vermutlich-opfer-eines-snake-ransomware-angriffs","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/05\/07\/fresenius-vermutlich-opfer-eines-snake-ransomware-angriffs\/","title":{"rendered":"Fresenius probably victim of a Snake Ransomware attack"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/05\/07\/fresenius-vermutlich-opfer-eines-snake-ransomware-angriffs\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]The medical technology and health care company Fresenius has fallen victim to a ransomware attack. According to my information, it could be the snake ransomware. As a result, the company had to cut back some of its production.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/492a86f176d34c6c8cf01dfc6c8dd8f5\" alt=\"\" width=\"1\" height=\"1\" \/><a href=\"https:\/\/www.fresenius.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Fresenius<\/a> is a company registered as an SE &amp; Co. KGaA in Germany. It is a medical technology and health care company based in Bad Homburg vor der H\u00f6he, Hesse, Germany. It is one of the largest private hospital operators in Germany and is also active in the pharmaceutical and healthcare services sector. 
Fresenius employs 300,000 people worldwide and holds a majority stake in the dialysis specialist <a href=\"https:\/\/de.wikipedia.org\/wiki\/Fresenius_Medical_Care\" target=\"_blank\" rel=\"noopener noreferrer\">Fresenius Medical Care<\/a>.<\/p>\n<p><img decoding=\"async\" title=\"KRITIS-Netzwerk\" src=\"https:\/\/i.imgur.com\/yNk8TvY.jpg\" alt=\"KRITIS-Netzwerk\" \/><br \/>\n(Source: Pexels Markus Spiske CC0 License)<\/p>\n<h2>Ransomware attack on the IT systems<\/h2>\n<p>On May 6, 2020, it became known that Fresenius was the victim of a ransomware attack. I recognized it first on the German IT site <a href=\"https:\/\/www.heise.de\/newsticker\/meldung\/Malware-Infektionen-Fresenius-schraenkt-Produktion-voruebergehend-ein-4715856.html\" target=\"_blank\" rel=\"noopener noreferrer\">heise<\/a> \u2013 see the following tweet.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"de\"><a href=\"https:\/\/twitter.com\/hashtag\/COVID19?src=hash&amp;ref_src=twsrc%5Etfw\">#COVID19<\/a> Normalization among extortion Trojans too. The criminals had actually intended to spare the manufacturers of vital medical products. The Fresenius hack shows that this no longer applies. <a href=\"https:\/\/t.co\/ov5NMhxToH\">https:\/\/t.co\/ov5NMhxToH<\/a><\/p>\n<p>\u2014 Bernd Sch\u00f6ne (@schoenetexte) <a href=\"https:\/\/twitter.com\/schoenetexte\/status\/1258240697582452742?ref_src=twsrc%5Etfw\">May 7, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The health care and medical technology company Fresenius 'reportedly detected infections with unspecified malware on company computers'. 
The company's IT experts are trying to find a solution to the problem or to clean up the systems.<\/p>\n<h3>Production impaired, hospital operation not at risk<\/h3>\n<p>A company spokesperson told heise that <em>'steps have been taken in accordance with an internally developed security protocol to prevent further proliferation'<\/em>. This is associated with certain restrictions in production. According to the company spokesman, the care of patients in Fresenius' hospitals and dialysis facilities is \"always guaranteed\".<\/p>\n<h3>Subsidiary Fresenius Kabi with Snake-Ransomware infection<\/h3>\n<p>In <a href=\"https:\/\/www.heise.de\/newsticker\/meldung\/Malware-Infektionen-Fresenius-schraenkt-Produktion-voruebergehend-ein-4715856.html\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>, heise reported that the wholly-owned subsidiary Fresenius Kabi at its Norwegian site in Halden is infected by malware in its IT system. The term ransomware is used there. This is also confirmed in <a href=\"https:\/\/www.cyberscoop.com\/fresenius-health-care-cyberattack-coronavirus\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a> &#8211; the Norwegian article is not freely available.<\/p>\n<p>During my research for this blog post I came across <a href=\"https:\/\/krebsonsecurity.com\/2020\/05\/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a> by Brian Krebs. Krebs was contacted on Tuesday by a reader who wanted to remain anonymous. The source told Krebs that a relative works for Fresenius Kabi's US subsidiaries. This person had reported that computers in his company's building had been disconnected from the network and that a cyber attack had affected every part of the company's global operations.<\/p>\n<p>The source named the snake ransomware as the source of the infection. 
This coincides with the statements of a security researcher in <a href=\"https:\/\/twitter.com\/VK_Intel\/status\/1258075372261986311\" target=\"_blank\" rel=\"noopener noreferrer\">this tweet<\/a>. The ransomware was first described in early January 2020, as I read in <a href=\"https:\/\/web.archive.org\/web\/20210613091350\/https:\/\/www.mcafee.com\/enterprise\/de-de\/threat-center\/threat-landscape-dashboard\/ransomware-details.snake-ransomware.html\" target=\"_blank\" rel=\"noopener noreferrer\">this McAfee document<\/a>. The ransomware is used to blackmail large corporations.<\/p>\n<p><strong>Addendum:<\/strong> Bleeping Computer has <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/large-scale-snake-ransomware-campaign-targets-healthcare-more\/\" target=\"_blank\" rel=\"noopener noreferrer\">an article here<\/a> saying that a large-scale Snake Ransomware campaign targets healthcare.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The medical technology and health care company Fresenius has fallen victim to a ransomware attack. According to my information, it could be the snake ransomware. 
As a result, the company had to cut back some of its production.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[447,243,69],"class_list":["post-14348","post","type-post","status-publish","format-standard","hentry","category-security","tag-hack","tag-ransomware","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14348"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14348\/revisions"}],"predecessor-version":[{"id":35934,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14348\/revisions\/35934"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}