Who is behind this year's string of cyberattacks? - East Idaho News

POCATELLO — Over the last seven months, at least four cyberattacks have been launched against major eastern Idaho organizations. Three have been against hospitals, and one against the Idaho National Laboratory.

This has led some EastIdahoNews.com readers to wonder why so many have happened this year and who is behind them. Kurt Pipal, the Federal Bureau of Investigation cyber agent for Idaho, said the culprits may not even realize they’re attacking targets in the Gem State.

“We see it as a localized group, (but) I don’t even know if these people overseas know where Pocatello is,” Pipal said.

According to the Institute for Security and Technology, at least 299 hospitals have been hit with ransomware attacks in 2023. Pipal said that cybercriminals are “opportunistic” and that there wouldn’t be evidence to support the notion that they organized attacks regionally.

Pipal said there are a number of different types of cyberattacks, but the commonality among all of them is that they’re a “cyber intrusion, or a computer intrusion. So it’s anything where people access your network or your devices in an unauthorized method.”

Under this definition, an organization or an individual can find themselves under a cyberattack.

Pipal said that most of the time, when cybercriminals hit individuals or organizations, they’re looking for money. Frequently, it’s to get a ransom, and other times, it’s to sell the information they gather. He said an organization might also be hit by a hacktivist who disagrees with its politics or policies and publishes embarrassing or sensitive information.

Cybercriminals are often located overseas in countries where it’s hard for the United States to extradite them. These criminals often communicate with each other through encrypted messaging.

“They’re kind of protected, and they’re very interconnected,” Pipal said. “I mean, organized crime is the best way to liken it.”

He said that cybercriminals have a payment structure, and if they don’t do certain things, they could be blacklisted and have their access to certain tools cut off.

“They’re connected, they’re organized, they’re doing this with a purpose,” Pipal said. “Not everyone’s just out for themselves.”

What attacks have happened in east Idaho?

At least two ransomware attacks have happened in Idaho recently.

Pipal said a ransomware attack is essentially blackmail: a hacker accesses your network and encrypts your data. The hacker then sends a note with a ransom to release the data. The FBI does not recommend paying this ransom.

Ardent Health Systems, the parent company of Portneuf Medical Center in Pocatello, discovered that it was under a ransomware attack on Thanksgiving. Ardent is still working to resolve this attack.

The other known ransomware attack was against Madison Memorial Hospital in Rexburg on Nov. 5. Thanks to quick work from the hospital’s IT department, the staff shut off systems before the hackers could encrypt hospital data.

It’s unclear what kind of cyberattack Mountain View Hospital was hit with on May 30. The hospital has not confirmed or denied if it was a ransomware attack.

An outlier among these attacks is the one against the Idaho National Laboratory on Nov. 19. This attack was launched by a politically motivated group of hacktivists who breached employee data and published it on the group’s Telegram page. The sensitive information was up for days before it was eventually removed.

What can you do?

Although it may be overwhelming at first, measures can be taken to protect an individual or an organization from cybercriminals.

It’s important for organizations to have backups of their data to restore their systems in the case of a ransomware attack.

Organizations should also shut down the affected systems to prevent a cybercriminal from accessing a “back door,” or way back in. If hackers regain access, the victims may find themselves in the same ransom situation as before.

Individuals should keep their systems up to date and install strong anti-virus software. They should also vary the passwords for their online accounts and make them strong and unique.

People shouldn’t open attachments they’re not expecting from email addresses they don’t recognize. They also shouldn’t conduct sensitive transactions on a public Wi-Fi network.

If someone becomes the victim of an internet crime, they should file a report with the FBI’s Internet Crime Complaint Center.