Even during a pandemic, Ryuk ransomware attacks hospitals

by Emma Davis
March 28, 2020
Ryuk ransomware attacks hospitals
Written by Emma Davis

Ryuk ransomware operators do not seem to care about human values and lives, as according to information security experts, they continue to attack hospitals even during a pandemic.

Last week, we talked about how Bleeping Computer contacted the operators of such well-known cryptographers as Maze, DoppelPaymer, Ryuk, Sodinokibi (REvil), PwndLocker and Ako, and asked them if they would continue in such difficult times for the whole world attack medical facilities and organizations.

The hacking groups behind the development of DoppelPaymer and Maze reported that they would stop working with any medical organizations and institutions until the end of the pandemic, and DoppelPaymer operators even promised to decrypt the data free if the attack accidentally affects doctors.

Now, Bleeping Computer reports that not all hack groups are ready to stop attacks during the coronavirus pandemic. For example, Ryuk ransomware operators are definitely not going to stop. Although the malware operators did not respond to journalists’ requests last week, on March 26, 2020, an expert at Sophos told Twitter that a cryptographer attacked an unnamed medical facility in the United States.

I can confirm that #Ryuk ransomware is still targeting hospitals despite the global pandemic. Currently I’m looking at a US health care providers, which were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP”, – said the expert.

In turn, the head of the research department of SentinelOne Vitaly Kremez told that over the past month he had seen Ryuk attack on at least 10 medical organizations. Of these, two were independent hospitals, and another was a health care network, which included 9 hospitals in the United States. According to Bleeping Computer, one of the hospitals is located in an area where the situation with the number of cases is very difficult.

Not only have they not stopped attacking healthcare targets, we are also seeing an ongoing trend of attacks on healthcare organizations in the midst of a global pandemic. While some extortion groups at least participated in a dialogue on ending extortion in the health sector and admitted that everyone understands, Ryuk operators are silent and harassing medical organizations and institutions, despite our calls to stop”, – says Kremez.

However, Maze operators, according to information security experts, also did pretend to be noble for a long time. Have a nice weekend and beware of any viruses!

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

4 Comments

  1. Sheun March 30, 2020

    i was attacked with an online ID it says decryption impossible

    Reply
    • Andrej March 31, 2020

      Hi Brendan?

      Do you have any information how to handle if attacked with online ID? For me it also says impossible.

      Thank you!

      Reply
  2. Uoc April 4, 2020

    No key for New Variant online ID: 21PrYf1Tf5aw2zwiDhKgpQijBRahD76ccCYkAcYM
    Notice: this ID appears to be an online ID, decryption is impossible

    Reply
  3. Mohammed April 18, 2020

    Some of my files are retrieved using Photorec_win.exe, I tried many recovery tools and I found this works well.
    you can find it in Hireon’s Boot CD 15.2
    Hope this helpful

    Reply

Leave a Reply

Sending