Ryuk ransomware is being aggressively deployed to target US healthcare institutions, government cyber organisations in the US have warned.
"CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers," the cybersecurity, investigative, and healthcare agencies said in a joint statement published overnight.
They warned that the American healthcare sector is at particular risk of attack, saying in an advisory note:
The caution comes as US hospitals have faced an unusually high level of malware and ransomware attacks, in spite of promises from criminals earlier this year that they would avoid targeting medical institutions. Just four weeks ago, the IT network of Universal Health Services, which operates over 400 hospitals stateside, was hit by malware, but the company would not specify the strain and declined to comment on whether it was Ryuk.
The uptick in ransomware generally has been noted by most major infosec companies, but Ryuk in particular has surged this year. FireEye stated that three particular malware families it had codenamed Kegtap, Singlemalt, and Winekey had all been targeting medical institutions through loader and backdoor-exploiting campaigns.
Those campaigns started in some cases with emails distributed through Sendgrid, which directed recipients to a malicious Google document, with recent variations using a similar MO but over attacker-controlled email infrastructure. Clicking links in the documents downloads malware binaries that are then executed on the victim's machine, with the malware being ..