Ryuk ransomware, which has just been implicated in an attack against European IT company Sopra Steria, has now been deployed against hospitals in Brooklyn and Vermont.
In the Brooklyn hospital case, Bleeping Computer was contacted by an employee at Wyckoff Heights Medical Center. The employee at the 350-bed teaching hospital confirmed that their network was compromised by Ryuk. Wyckoff Heights Medical Center has not responded to media requests for comment, but if the anonymous tip is to be believed, most of the devices at the hospital are now encrypted.
Simultaneously with this incident, the Associated Press reports that the University of Vermont Health Network has been compromised with Ryuk ransomware. The attack affects six hospitals in the University of Vermont Health Network, which includes hospitals in Vermont and New York. This incident is being handled by the FBI and the Vermont Department of Public Safety.
All of this comes on the heels of a seemingly prophetic warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) stating that hospitals are in grave danger of ransomware. The notice reads as follows:
CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats... Without planning, provision, and implementation of continuity principles, organizations may be unable to continue operations. Evaluating continuity and capability will help identify continuity gaps. Through identifying and addressing these gaps, organizations can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies.
Especially in the time of COVID-19, hospitals are pushed to capacity to handle both a pandemic and regular health emergencies. It is a particularly heinous act to target the health-care sector at this time, but COVID-19 presents the perfect motivator for cybercriminals. They hope that in desperation to gain full functionality again, hospitals will pay the ransom.
As of this article’s publication, patients are still being treated, but many delays are resulting from the attacks.
Featured image: Flickr/ Presidencia de la República Mexicana