Ryuk ransomware poses a credible and imminent threat to US healthcare industry, claims advisory from the FBI, CISA, and HHS.
Hospitals told to harden their defences and ensure they have a mitigation strategy which can be deployed quickly. US Hospitals and healthcare providers have been warned that there is evidence of a credible and imminent threat that they will be targeted by ransomware.
In an alert jointly released by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS), the agencies reveal that it has "credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers."
Specifically, the advisory, entitled "Ransomware Activity Targeting the Healthcare and Public Health Sector", warns that malicious hackers are plotting to infect hospitals with the notorious Ryuk ransomware.
Such an infection, typically initiated with an infection of the Trickbot malware, could result in the theft of sensitive medical data and the disruption of healthcare services.
As security blogger Brian Krebs explains, the situation is complicated by the fact that the gang of criminals behind the Ryuk ransomware will often customise their attacks to specific targets - meaning there is little in the way of indicators of compromise (IoCs) that can be shared in advance across the healthcare industry.
And that must be a frightening thought for the hundreds of hospitals and healthcare organisations which could imminently be facing an attack, that could even put patients' lives at risk.
The administrators of medical organisations will have seen the
hospitals
warned
threat
imminent
ransomware
attack
