Ryuk

Ryuk Ransomware Targets Hospitals During Pandemic. The operators of Ryuk Ransomware continue attacking hospitals even though these institutions are overwhelmed during the Coronavirus pandemic.

Last week ransomware groups were contacted and asked if they would target hospitals and other healthcare organizations during the pandemic.

In this pandemic, with the amount of pressure healthcare organizations are under, we were hoping that ransomware operators would avoid these organizations so that they can concentrate on treating patients. It is clear that they do not care about anything other than holding peoples data ransom. Maze and DoppelPaymer Ransomware operators were the only two that reached out online and said that they would not target or encrypt these types of organizations data for now.

Ryuk Ransomware Continues To Target Hospitals

Ryuk was one of the ransomware operations that did not mention they would seize their attacks on these organizations. Ryuk continues to target hospitals even while they are struggling to keep people alive during the Coronavirus pandemic. These people have no remorse and only care about making money. Ryuk Ransomware Targets Hospitals During Pandemic and people need to make sure their IT Environment is secured and can be easily restored from a backup in case of a breach.

As an example, PeterM of Sophos tweeted that a US health care provider was attacked and encrypted overnight by Ryuk Ransomware attackers.

PeterM Ryuk Ransomware Tweet

When asked if there were any compromise indicators (IOCs) that could be exchanged, he claimed that it looked like any other Ryuk attack.

“At the moment it looks like a standard Ryuk attack, they deployed the ransomware with PsExec,” said PeterM.

Peter has seen Ryuk targeting 10 different health-care organizations in a conversation with Vitali Kremez, head of the research division of SentinelOne, over the past month. Of these 10 goals, two are individual hospitals, and the other consists of 9 hospital healthcare networks in the USA.

He Said – “Not only has their healthcare targeting not stopped but we have also seen a continuous trend of exploiting healthcare organizations in the middle of the global pandemic. While some extortionist groups at least acknowledged or engaged in the discourse of stopping healthcare extortionists, the Ryuk operators remained silent pursuing healthcare targeting even in light of our call to stop,”

Given all that our medical professionals deal with around the world, all people, including actors in the field of ransomware, need to give them the space to do their work rather than obstruct them.