The CTI League issued its first Darknet Report, cataloging criminal activity related to healthcare and the COVID pandemic. For the first time, the CTI League pulls back the curtain on the CTIL Dark group which works tirelessly to disrupt criminal and harmful behavior, working in support of its healthcare and law enforcement partners. This latest report reveals:

  • The top five ransomware variants that impacted healthcare in 2020 are Maze, Conti, Netwalker, Revil, and Ryuk, affecting over 100 organizations.
  • Nearly two-thirds of healthcare cybercrime victims were in North America and Europe, with victims in every populated continent.
  • Demand for backdoor access to healthcare networks increased significantly from prior years.
  • Ransomware attacks against hospitals jumped in Q4, particularly among small and medium organizations, some of which disrupted patient care.
  • The threat group that operated Maze ransomware halted operations and reformed as Egregor.
  • Empire marketplace exit-scammed which resulted in many cybercriminal vendors moving their Covid-themed products to other underground marketplaces.

Read the report: CTIL Darknet Report – 2021

Initial Access Brokers targeting Healthcare industry by Region

Since its founding on March 14, 2020, the CTI League has countered cybercriminal activity, in support of its healthcare and law enforcement partners, including Ransomware attacks, disinformation, phishing, and scams. The report covers each of these topics, giving the background, highlighting some examples of their activity, and offering a forecast for 2021. 

Within the CTI League, there is an entire team of security researchers and law enforcement personnel who monitor various cybercriminal underground networks within the Darknet and Deep/Dark web, called CTIL-Dark. Their days are spent looking for signs of data breaches, targeted attacks, and any other cybercriminal activity that may impact the medical industry or general public health. 

The healthcare sector faces multiple concurrent threats as they are on the front lines of the COVID response, from workforce and equipment shortages to overcrowded facilities, to supply chain bottlenecks, to cyber and physical threats. The CTI League aims to reduce the likelihood and impact of cybersecurity-related issues so that caregivers can continue serving global public health goals. In doing so, the CTI League works directly with some of these organizations, as well as law enforcement, the intelligence community, and information sharing groups.

Those who want to help or to benefit from the CTI-League’s efforts, particularly healthcare organizations, are encouraged to join via the website at https://cti-league.com/join