In a secret chat room run by a group of Russian-affiliated cybercriminals, a hacker expressed excitement about a plan to attack and disable more than 400 U.S. hospitals. “There will be panic,” the hacker wrote, in Russian.
It was 2020, at a severe point in the pandemic, and the gang planned to hold hostage the computer systems of the hospitals, many of which were fighting to save Covid-19 patients.
U.S. authorities and cybersecurity researchers foiled large parts of the plan, warning hospitals before the hackers’ ransomware could be installed, but the hackers shrugged off the setback, according to a cache of data and documents leaked online in recent weeks.
The hacking enterprise, called the Trickbot Group by federal prosecutors, and its affiliates had already collected hundreds of millions of dollars by shutting down emergency rooms, city governments and public schools since 2018.
“I find it all funny,” a Trickbot hacker who used the pseudonym “target” wrote in a message to “stern,” the group’s leader and paymaster, after the plan was thwarted.
This wide-open view of the inner workings of what is perhaps the world’s biggest and most dangerous organized cybercrime group is a surprising consequence of the war in Ukraine. An anonymous researcher who had infiltrated the group’s servers, and who identified himself as Ukrainian, posted the data on Twitter on Feb. 27. “Ukraine will Rise!” he then wrote in a March 2 tweet.