A security researcher on Monday said the recent ransomware attacks on hospital chains in Florida and Texas are tied to the Conti ransomware gang.

Jamie Hart, cyber threat intelligence analyst at Digital Shadows, confirmed that Leon Medical Centers and Nocona General Hospital were both found on the Conti ransomware data leak site. Leon Medical was posted on December 21, 2020, and Nocona on February 3, 2021.

Hart said the Conti gang reportedly sent malicious phishing emails to Leon Medical in September 2020 and used a Microsoft Server Message Block vulnerability (CVE-2020-0796) to access an admin account. From there, the attackers used the well-known tools BloodHound and Mimikatz to dive deeper into victim networks. The researcher added that the Conti operators updated the post for Leon Medical earlier today and the Nocona General Hospital post on Feb. 3, exposing more data, thus increasing the pressure to pay the group.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.