FBI Warns Healthcare Sector of Increased Ransomware Activity Commanded by Ryuk Gang
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint advisory warning the healthcare sector of increased attacks by ransomware threat actors.
In the notice (AA20-302A) the feds claim they “have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sector (HPH) to infect systems with Ryuk ransomware for financial gain.
“CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats,” the advisory states. “CISA encourages users and administrators to review CISA’s Ransomware webpage for additional information.”
Threat actors are said to be targeting the HPH sector with Trickbot malware leading to ransomware attacks, data theft, and the disruption of healthcare services, according to the notice. CISA and the FBI believe these targeted attacks will only be exacerbated by the current pandemic, “therefore, administrators will need to balance this risk when determining their cybersecurity investments.”
AA20-302A includes a bit of history behind the malware employed by threat actors, followed by a long list of technical details for administrators to use to better understand the hackers’ breach tactics, complete with indicators of compromise. Three full pages are entirely dedicated to a close inspection of the Ryuk ransomware.
CISA, FBI, and HHS encourage HPH organizations to maintain business continuity plans and to identify and address their security gaps, to help keep them functioning during cyberattacks or other emergencies. A list of mitigation steps is also provided to IT administrators in the healthcare industry, including network best practices, ransomware mitigation, and user awareness tips.
The FBI recites the don’t-pay mantra, saying, “Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”
Healthcare organizations are instructed to keep regular, password-protected, offline backups of their data, and to have a recovery plan at hand.