FBI Warns American Hospitals of Ransomware Attack
A new ransomware attack appears to be targeting American hospitals. Several hospitals in the country have already been victims of similar attacks with RYUK malware.
The federal police department FBI and the national security agency CISA (US Cybersecurity and Infrastructure Security Agency) have meanwhile published a warning.
They report having information indicating an upcoming wave of cyber attacks on hospitals and other healthcare facilities. Hundreds of hospitals could be in the crosshairs.
In ransomware, a company’s computers are encrypted, and victims have to pay to get them released. During a pandemic, attacking these institutions is particularly vicious (potentially resulting in fatalities). Still, there is also a high probability that hospitals will pay simply because they cannot afford the downtime.
According to the US government, several hospitals have been attacked in the past two days alone, news channel CNN writes.
According to KrebsonSecurity, a generally knowledgeable security researcher, it is the Russian criminal gang behind Ryuk ransomware that plans to carry out multiple attacks.
The Ryuk ransomware is the one that shut down hundreds of Universal Health Services hospitals in the US in September, and that also appeared to be at the root of the cyber attack on IT service provider Sopra Steria.
The ransomware in question has already made a lot of victims this year, and is also difficult to detect, according to KrebsonSecurity, because the attack vectors often differ per victim. So there is not one specific vulnerability that you can fix to ensure that business systems are safe.
Moreover, once the malware is in the network, it is difficult to get rid of it. Ryuk, for example, turns off Windows System Restore, so that you cannot go back to work without external backups.