Ryuk ransomware returns and takes multiple US hospitals offline

(Image credit: Rawpixel / Pixabay)

Multiple hospitals across the US have been hit by a ransomware attack, taking vital healthcare systems offline.

The attack is thought to be Ryuk ransomware, operated by the Russian cybercriminal syndicate Wizard Spider, which can lock out users and encrypt devices until a ransom is paid.

A joint advisory issued by the CISA, FBI and Department of Health and Human Services mentioned, "credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers."

Ryuk attacks

The US government has hosted an emergency call with key players in the healthcare industry to update them, with hospitals across the US have been affected by the attack spree, with facilites in New York, Vermont and Oregon seeing disruption to their services.

Ryuk first emerged as a major cybersecurity threat in 2019 after a number of big businesses were targeted by the ransomware.

Earlier this year, Universal Health Services (UHS), which operates circa 400 healthcare facilities in the UK and US, confirmed it has been hit by Ryuk, with the organization’s computer systems have been locked and access to phone systems also affected.

Researchers from security firm Check Point have found that in the past month, ransomware attacks against the healthcare sector in the US increased 71% compared to September, and in EMEA attacks increased by 36%. The company added that its data showed the Ryuk ransomware was responsible for 75% of the attacks on the U.S. healthcare sector in October.

“The increase in ransomware attacks began with the advent of the coronavirus pandemic, as organizations scrambled to enact remote workforces, leaving significant gaps in their IT systems," noted Check Point Head of Threat Intelligence Lotem Finkelsteen. 

"However, the last three months alone have shown alarming surges in ransomware attacks, and this new targeting of the healthcare sector is a particularly worrying development, because of the potential consequences. We strongly urge healthcare organizations everywhere to be extra vigilant.”

Via Bleeping Computer

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.