
FBI Warns Healthcare Sector of Increased Ransomware Activity Commanded by Ryuk Gang

Filip TRUȚĂ

October 29, 2020


The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint advisory warning the healthcare sector of increased attacks by ransomware threat actors.

In the notice (AA20-302A) the feds claim they “have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sector (HPH) to infect systems with Ryuk ransomware for financial gain.

“CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats,” the advisory states. “CISA encourages users and administrators to review CISA’s Ransomware webpage for additional information.”

Threat actors are said to be targeting the HPH sector with Trickbot malware leading to ransomware attacks, data theft, and the disruption of healthcare services, according to the notice. CISA and the FBI believe these targeted attacks will only be exacerbated by the current pandemic, “therefore, administrators will need to balance this risk when determining their cybersecurity investments.”

AA20-302A includes a bit of history behind the malware employed by threat actors, followed by a long list of technical details for administrators to use to better understand the hackers’ breach tactics, complete with indicators of compromise. Three full pages are entirely dedicated to a close inspection of the Ryuk ransomware.

CISA, FBI, and HHS encourage HPH organizations to maintain business continuity plans and to identify and address their security gaps, to help keep them functioning during cyberattacks or other emergencies. A list of mitigation steps is also provided to IT administrators in the healthcare industry, including network best practices, ransomware mitigation, and user awareness tips.

The FBI recites the don’t-pay mantra, saying, “Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”

Healthcare organizations are instructed to keep regular, password-protected, offline backups of their data, and to have a recovery plan at hand.
