US Hospitals hit by Russian ransomware in coordinated attack

essentialsaltes

Russian-speaking cybercriminals in recent days have launched a coordinated attack targeting U.S. hospitals already stressed by the coronavirus pandemic with ransomware that analysts worry could lead to fatalities.

In the space of 24 hours beginning Monday, six hospitals from California to New York have been hit by the Ryuk ransomware, which encrypts data on computer systems, forcing the hospitals in some cases to disrupt patient care and cancel noncritical surgeries, analysts said.

The criminals have demanded a ransom ranging upward of $1 million to unlock the system, and some hospitals have paid, they said.

On Tuesday, the FBI, the Department of Homeland Security and the Department of Health and Human Services issued a joint advisory alerting health-care providers to the threat.
 

dqhall

I read an article some time ago about ransomware attacks originating from Russia and North Korea.
 

ThatRobGuy

Ransomware is nasty business.

It's shocking that major institutions (like hospitals and city/state governments) don't have better protections in place for such things.

In many cases, even if the "ransom" is paid, the hackers still don't unlock/decrypt the data...so the money paid is all for naught.

We had 9 different "ransomwares" try to infect our company's network over the last 9 months. Thankfully, we have a pretty good InfoSec team at our company that was able to identify the threat and squash it.

I've had the opportunity to disassemble some of the code they write for attacks like this, and while what they write is pretty intuitive, the weak point in any corporate/government entity that gets infected by it is poor employee training.

In a lot of these cases, the ransomware gets onto the corporate network by an employee opening a suspicious attachment, or by the organization not being very careful when they "let go" of certain employees who have an intimate knowledge of their internal infrastructure (server names, which ports are open on the DMZ, etc...)

Every company has certain "holes" in their firewall...it's how data from the outside world (whether it be for ordering products, or data transfer from one vendor to another) makes it into internal databases, etc... Spiteful "ex-employees" are a real weak point in that regard. Any company with an InfoSec team worth their salt knows to change TCP/UDP/SFTP ports used for such traffic when a disgruntled employee "parts ways" with the organization.
 