From paralyzed hospitals to saving lives: How CFIT cracked the "bloody code"




In 2023, the ransomware group "CrimsonLocker" attacked 15 hospitals across the United States, encrypted patient diagnosis and treatment systems, and demanded a ransom in Bitcoin, threatening that delayed treatment would lead to patient deaths.


Mission controversy and breakthrough:


CFIT's authority was initially questioned on the grounds that "medical institutions are under the jurisdiction of the Department of Homeland Security", but because hospitals were identified as "core assets of national security" under Chapter 5 of the Critical Infrastructure Protection Act, CFIT took over the case urgently:


The technical team reverse-engineered the malware and found that it used a vulnerability exploitation toolkit leaked by the Russian military.


The decryption key was obtained through a honeypot and distributed to the victim institutions free of charge.


International cooperation:


The Ukrainian Cybersecurity Agency provided intelligence on the hacker group's offline identities.


Interpol Red Notices were used to hunt down 8 members.


Milestone significance:


The case pushed Congress to pass the Medical Cybersecurity Emergency Response Act, authorizing CFIT to directly intervene in investigations during public health crises.