Security News > 2020 > September > Large US hospital chain hobbled by Ryuk ransomware
The attack involved ransomware - Ryuk ransomware, to be more specific.
Ryk extension and another employee described a ransom note that points to Ryuk ransomware.
Justin Heard, Director of Security, Intelligence and Analytics at Nuspire, noted that up until recently, Ryuk was used solely to target financial services, but over the last several months Ryuk has been seen targeting manufacturing, oil and gas, and now healthcare.
"Ryuk is known to target large organizations across industries because it demands a very high ransom. The ransomware operators likely saw UHS as the opportunity to make a quick buck given the urgency to keep operations going, and the monetary loss associated with that downtime could outweigh the ransom demand," he explained.
"Ryuk Ransomware is run by a group called Wizard Spider, which is known as the Russia-based operator of the TrickBot banking malware. Ryuk is one of the most evasive ransomware out there. Nuspire Intelligence has repeatedly seen the triple threat combo of Ryuk, TrickBot and Emotet to wreak the most damage to a network and harvest the most amount of data."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/6jj9j2JGoFU/
Related news
- All your 8Base are belong to us: Ransomware crew busted in global sting (source)
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware (source)
- Up to $75M needed to fix up rural hospital cybersecurity as ransomware gangs keep scratching at the door (source)
- US seizes domain of Garantex crypto exchange used by ransomware gangs (source)
- Oracle Health breach compromises patient data at US hospitals (source)