Security News > 2020 > September > Large US hospital chain hobbled by Ryuk ransomware
The attack involved ransomware - Ryuk ransomware, to be more specific.
Ryk extension and another employee described a ransom note that points to Ryuk ransomware.
Justin Heard, Director of Security, Intelligence and Analytics at Nuspire, noted that up until recently, Ryuk was used solely to target financial services, but over the last several months Ryuk has been seen targeting manufacturing, oil and gas, and now healthcare.
"Ryuk is known to target large organizations across industries because it demands a very high ransom. The ransomware operators likely saw UHS as the opportunity to make a quick buck given the urgency to keep operations going, and the monetary loss associated with that downtime could outweigh the ransom demand," he explained.
"Ryuk Ransomware is run by a group called Wizard Spider, which is known as the Russia-based operator of the TrickBot banking malware. Ryuk is one of the most evasive ransomware out there. Nuspire Intelligence has repeatedly seen the triple threat combo of Ryuk, TrickBot and Emotet to wreak the most damage to a network and harvest the most amount of data."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/6jj9j2JGoFU/
Related news
- McLaren hospitals disruption linked to INC ransomware attack (source)
- Ransom Cartel, Reveton ransomware owner arrested, charged in US (source)
- US accuses man of being 'elite' ransomware pioneer they've hunted for years (source)
- Alleged Karakut ransomware scumbag charged in US (source)
- US Marshals Service disputes ransomware gang's breach claims (source)
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- US sanctions crypto exchanges used by Russian ransomware gangs (source)
- Ransomware forces hospital to turn away ambulances (source)