Biggest medical company, with 300,000 employees, infected by Snake ransomware. ESET antivirus and SolarWinds SIEM did not protect it

According to data security training specialists, Fresenius, Europe's largest private hospital operator, has been the victim of a ransomware attack on its IT systems. The company said the incident has limited some of its operations, but that patient care services continue to run smoothly.

Fresenius Group is made up of four independent firms:

  • Fresenius Medical Care, a care provider for patients with renal impairment
  • Fresenius Helios, private hospital operator
  • Fresenius Kabi, which supplies medicines and medical devices
  • Fresenius Vamed, which manages health care facilities

A couple of days ago, a user of the KrebsOnSecurity website (who asked to remain anonymous) revealed that one of his relatives working for Fresenius in the U.S. reported that all computer equipment in the building had been compromised by a cyberattack, affecting the company’s operations globally, as mentioned by data security training experts.

The informant claims that it is an infection of the Snake ransomware, a little-known variant identified in early 2020. As usual in these attacks, the company's data was encrypted and the hackers demanded a payment in Bitcoin in exchange for restoring access to the compromised information.

Shortly after this leak, a company spokesman stated, “I can confirm that Fresenius’ IT team detected a virus on the company’s computers. We implemented some security protocols in response to the incident, so we get the infection deployed on a large scale; our IT teams continue to work to resolve the issue as soon as possible to ensure that our operations are maintained.”

Recently, an untimely wave of similar attacks against medical service providers has been detected, data security training experts report. In April, Interpol issued a report pointing to an unusual increase in ransomware attacks against health companies, in which threat actors try to capitalize on the pandemic to force a cash ransom.

According to the International Institute for Cyber Security (IICS), the Department of Homeland Security issued a joint alert with the UK's National Cyber Security Centre, informing health companies about the most prominent threat actor groups as well as their main attack methods.

Another risk faced by companies is the leaking of sensitive data, as threat actors often resort to exposing business information as a way to pressure companies that are victims of ransomware.