Hospitals Targeted in Rising Wave of Ryuk Ransomware Attacks

  • Healthcare was the industry most targeted by ransomware in the US in October
  • October saw a 71% increase in ransomware attacks against the healthcare sector in the US
  • Ransomware attacks also increased by 33% in APAC and 36% in EMEA

Yesterday, CISA, the FBI, and HHS issued a warning about ransomware attacks on U.S. hospitals, saying they hold credible information of an increased and imminent cybercrime threat. Check Point Software rarely holds information on future cyber-attacks, especially ones of such massive scale and destructive potential. Therefore, we need to act today to avoid real damage over the weekend.

Check Point’s data shows that healthcare was the industry most targeted by ransomware in the US in October. This continues the trend we saw in Q3, when healthcare was the number one most targeted industry in the US. In October, ransomware attacks against the healthcare sector in the US increased by 71% compared to September. Moreover, hospital ransomware attacks are becoming a global trend: we see more moderate, though still alarming, increases of 33% in APAC and 36% in EMEA.

The uptick in ransomware attacks in APAC is seen mostly in Singapore (a 133% increase in attacks against the healthcare industry) and India (a 20% increase). The increase in EMEA is driven mostly by a ~200% increase in attacks on the healthcare industry in Germany and Belgium.

Just 3 weeks ago, we reported a global surge in ransomware attacks. In Q3 2020, Check Point Research saw a 50% increase in the daily average of ransomware attacks compared to the first half of the year, while ransomware attacks in the US doubled during the same period.

The statistics and data used in this report were detected by Check Point’s Threat Prevention technologies and are stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point.

Don’t leave your security to chance. Find out if you’re at risk.

Every healthcare provider across the globe is vulnerable and needs to be prepared. To provide your company with complete visibility into your security risk, Check Point is offering healthcare providers a FREE security checkup. At the end of the assessment, you will receive a comprehensive report that includes:

  • Active threats and malware infections
  • Intrusion attempts and bot attacks
  • Information on leakage of sensitive data
  • Threats to networks, endpoints and mobile devices
  • Key recommendations to protect your network

Don’t leave your security to chance.  Sign up to get started today.

Ryuk takes the lead. Again.

In their warning, the federal agencies specified that they expect the threat to be the infamous Ryuk ransomware. This reinforces our finding that Ryuk is responsible for 75% of the ransomware attacks on the U.S. healthcare sector in October.

Unlike common ransomware, which is systematically distributed via massive spam campaigns and exploit kits, Ryuk is used exclusively for tailored, targeted attacks. Ryuk was first discovered in mid-2018, and soon after, Check Point Research published the first thorough analysis of this new ransomware, which was targeting the United States.

Over the years, Check Point has monitored Ryuk's activity worldwide and can confirm an increase in its activity in the US in October, focused on the healthcare sector.

Why hospitals? Why now?

It is no secret that ransomware hackers' main incentive is money, and sometimes disruption or sabotage. Always struggling to make organizations pay the ransom, hackers find new extortion tactics that leave victims no escape from meeting their demands. While the pandemic has already recorded a shocking 1 million deaths globally, we witnessed another attack on the last weekend in September involving Ryuk, one of the leading ransomware strains out there.

According to recent findings of the International Criminal Police Organization, threat actors have ramped up their attempts to infect the IT networks of hospitals with ransomware despite the COVID-19 crisis. The adverse outcome of such an incursion is not restricted to data damage or monetary damages to the organization. It also hinders individuals from receiving a quick medical response and has the potential to impact the physical well-being of patients, making the situation a matter of life or death.

Ryuk has adopted similar tactics, with a steady increase in the number of healthcare organizations being targeted, forcing these organizations to pay the ransom so they can focus on saving lives.

Preventing Ransomware

  1. Raise your guard towards the weekend and holidays – most of the ransomware attacks over the past year took place over weekends and holidays, when people are less likely to be watching.
  2. Virtual Patching – the federal recommendation is to patch old versions, which could be impossible for hospitals. Therefore, we recommend using an IPS with the latest packages as virtual patching against the most recent available exploits.
  3. Anti-Ransomware – although advanced hacking groups are involved in this business, the encryption process is very extensive, and Anti-Ransomware with a remediation feature is an effective tool for returning to operation within a few minutes if an infection takes place.
  4. Education – training users on how to identify and avoid potential ransomware attacks is crucial. Many of the current cyber-attacks start with a targeted email that does not even contain malware, only a socially engineered message that encourages the user to click on a malicious link, so user education is often considered one of the most important defenses an organization can deploy.
  5. Ransomware attacks don’t start with ransomware – Ryuk and other ransomware operators purchase an infection base in targeted organizations. Security professionals should be aware of Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions, as they open the door for Ryuk.
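
Items 1 and 5 combine naturally into an alert-triage rule: treat any detection of the precursor families named above as a ransomware early warning, and rank hosts higher when the alert fired over a weekend. The following is an added example, not Check Point code; the alert export format (`time,host,detection`), the host names, the detection names and the scoring weights are constructed assumptions.

```python
import csv, io, re
from collections import defaultdict
from datetime import datetime

# Precursor families named in item 5, keyed by a normalised spelling.
PRECURSORS = {"trickbot": "Trickbot", "emotet": "Emotet",
              "dridex": "Dridex", "cobaltstrike": "Cobalt Strike"}

# Constructed sample alerts (hypothetical export format: time,host,detection).
SAMPLE_ALERTS = """\
2020-10-23T14:02:11,ward-pc-07,Trojan.Emotet.Gen
2020-10-24T03:15:40,ward-pc-07,Backdoor.Cobalt-Strike.Beacon
2020-10-24T03:20:05,lab-srv-02,TrickBot.Loader
2020-10-26T09:30:00,hr-pc-11,Adware.Generic
2020-10-27T10:05:00,pacs-srv-01,Dridex.Dropper
"""

def family_of(detection):
    """Return the precursor family a detection name refers to, or None."""
    flat = re.sub(r"[^a-z0-9]", "", detection.lower())
    for key, name in PRECURSORS.items():
        if key in flat:
            return name
    return None

def triage(alert_text):
    """Group precursor alerts per host and rank hosts for threat hunting."""
    hosts = defaultdict(lambda: {"families": set(), "off_hours": False})
    for row in csv.reader(io.StringIO(alert_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        when, host, detection = row
        family = family_of(detection)
        if family is None:
            continue  # not one of the precursor families
        entry = hosts[host]
        entry["families"].add(family)
        # Saturday=5, Sunday=6: alerts raised when fewer people are watching.
        if datetime.fromisoformat(when).weekday() >= 5:
            entry["off_hours"] = True
    def score(item):  # assumed weights: 1 per family, +2 for a weekend alert
        return len(item[1]["families"]) + (2 if item[1]["off_hours"] else 0)
    ranked = sorted(hosts.items(), key=lambda i: (-score(i), i[0]))
    return [(h, sorted(e["families"]), e["off_hours"]) for h, e in ranked]

if __name__ == "__main__":
    for host, families, off_hours in triage(SAMPLE_ALERTS):
        print(host, families, "weekend" if off_hours else "weekday")
```

A host showing two different precursor families, such as a loader followed by Cobalt Strike, ranks first because that sequence indicates the foothold is already being developed.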

Check Point’s Anti-Ransomware solution defends organizations against the most sophisticated ransomware attacks, and safely recovers encrypted data, ensuring business continuity and productivity. Anti-Ransomware is offered as part of Check Point’s comprehensive endpoint security suite, SandBlast Agent, to deliver real-time threat prevention to your organization’s endpoints.