Even during a pandemic, Ryuk ransomware attacks hospitals

Ryuk ransomware operators do not seem to care about human values and lives, as according to information security experts, they continue to attack hospitals even during a pandemic.

Last week, we talked about how Bleeping Computer contacted the operators of such well-known cryptographers as Maze, DoppelPaymer, Ryuk, Sodinokibi (REvil), PwndLocker and Ako, and asked them if they would continue in such difficult times for the whole world attack medical facilities and organizations.

The hacking groups behind the development of DoppelPaymer and Maze reported that they would stop working with any medical organizations and institutions until the end of the pandemic, and DoppelPaymer operators even promised to decrypt the data free if the attack accidentally affects doctors.

Now, Bleeping Computer reports that not all hack groups are ready to stop attacks during the coronavirus pandemic. For example, Ryuk ransomware operators are definitely not going to stop. Although the malware operators did not respond to journalists’ requests last week, on March 26, 2020, an expert at Sophos told Twitter that a cryptographer attacked an unnamed medical facility in the United States.

I can confirm that #Ryuk ransomware is still targeting hospitals despite the global pandemic. Currently I’m looking at a US health care providers, which were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP”, – said the expert.

In turn, the head of the research department of SentinelOne Vitaly Kremez told that over the past month he had seen Ryuk attack on at least 10 medical organizations. Of these, two were independent hospitals, and another was a health care network, which included 9 hospitals in the United States. According to Bleeping Computer, one of the hospitals is located in an area where the situation with the number of cases is very difficult.

Not only have they not stopped attacking healthcare targets, we are also seeing an ongoing trend of attacks on healthcare organizations in the midst of a global pandemic. While some extortion groups at least participated in a dialogue on ending extortion in the health sector and admitted that everyone understands, Ryuk operators are silent and harassing medical organizations and institutions, despite our calls to stop”, – says Kremez.

However, Maze operators, according to information security experts, also did pretend to be noble for a long time. Have a nice weekend and beware of any viruses!