Court Order Says Microsoft Allowed To Disrupt Ransomware Gangs

April 7, 2023
An April 6 blog post from Microsoft says that on March 31, the U.S. District Court for the Eastern District of New York issued a court order that will allow the company to disrupt infrastructure used by threat actors targeting hospitals.

According to an April 6 blog post, on March 31, 2023, the U.S. District Court for the Eastern District of New York issued a court order allowing Microsoft, cybersecurity software company Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) to disrupt malicious infrastructure used by criminals to facilitate attacks on hospitals. The court order allows the organizations to take action against cracked, legacy copies of Cobalt Strike (a customizable attack framework intended for use by penetration testers and security red teams to simulate a real cyberthreat) and against abused Microsoft software that cybercriminals use to distribute malware and ransomware.

The blog says that “We will need to be persistent as we work to take down the cracked, legacy copies of Cobalt Strike hosted around the world. This is an important action by Fortra to protect the legitimate use of its security tools. Microsoft is similarly committed to the legitimate use of its products and services. We also believe that Fortra choosing to partner with us for this action is recognition of DCU’s [Microsoft’s Digital Crime Unit] work fighting cybercrime over the last decade. Together, we are committed to going after the cybercriminal’s illegal distribution methods.”

Further, “Cobalt Strike is a legitimate and popular post-exploitation tool used for adversary simulation provided by Fortra. Sometimes, older versions of the software have been abused and altered by criminals. These illegal copies are referred to as ‘cracked’ and have been used to launch destructive attacks, such as those against the Government of Costa Rica and the Irish Health Service Executive. Microsoft software development kits and APIs are abused as part of the coding of the malware as well as the criminal malware distribution infrastructure to target and mislead victims.”

Ransomware gangs associated with or deployed by cracked copies of Cobalt Strike have been linked to more than 68 ransomware attacks impacting healthcare organizations in more than 19 countries, according to the blog. These attacks have not only cost hospital systems millions of dollars in recovery costs, but also caused disruption to critical patient care services.

“Microsoft is also expanding a legal method used successfully to disrupt malware and nation state operations to target the abuse of security tools used by a broad spectrum of cybercriminals,” the blog adds. “Disrupting cracked legacy copies of Cobalt Strike will significantly hinder the monetization of these illegal copies and slow their use in cyberattacks, forcing criminals to re-evaluate and change their tactics. Today’s action also includes copyright claims against the malicious use of Microsoft and Fortra’s software code which are altered and abused for harm.”
