Meet the ransomware gang behind 235 attacks on US hospitals: 7 things to know 


Responsible for one-third of the 203 million U.S. ransomware attacks in 2020, the Ryuk ransomware gang is the most prolific in the world and has targeted at least 235 hospitals, according to a June 10 Wall Street Journal report. 

Seven things to know: 

1. With ties to Russian government security services and named after its signature software, Ryuk has hit at least 235 general hospitals and inpatient psychiatric facilities in addition to dozens of other healthcare facilities in the U.S. since 2018. 

2. Ryuk ransomware collected at least $100 million in paid ransom last year, according to Bitcoin analysis firm Chainalysis. Some of the criminal group's most recent healthcare targets include King of Prussia, Pa.-based Universal Health Services, which lost $67 million from Ryuk's malware attack last September, and DCH Health System in late 2019. 

3. While some ransomware gangs avoid hospitals for fear of disrupting operations in ways that could lead to patient deaths, Ryuk doesn't care, Bill Siegel, CEO of ransomware recovery firm Coveware, told the WSJ. "Other groups you can at least have a conversation. You can tell them, 'We're a hospital, someone's going to die.' Ryuk won't even reply to that email." 

4. Ryuk uses disposable webmail accounts to negotiate with victims and speaks with a "single, consistent voice, terse and to the point, and offering no hint of a personality," consultants who have negotiated with the hackers told the WSJ.

5. Tim Cook, head of threat intelligence at Guidepoint Security, told the publication that he has dealt with Ryuk in 15 ransomware cases, four of them involving hospitals. None of his conversations with the hackers has run longer than one or two sentences. 

6. Ryuk also uses victims' financial documents during some negotiations, Mr. Cook said, adding that in certain instances he tried telling the hackers that his clients couldn't afford to pay the ransom, to which Ryuk "respond[ed] back with financial documents in their email and sa[id], 'Yes you can.'" 

7. Ryuk counts on its attacks to wreak havoc, said Alex Holden, a security analyst who monitors the Eastern European underground. Last October, he said he saw a Ryuk organizer discussing plans online to attack 400 hospitals in the U.S. and saying they "expect panic." 


© Copyright ASC COMMUNICATIONS 2021.

 
