Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be.
Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the BazarLoader malware, which in turn deploys the Cobalt Strike pen-testing platform, giving attackers greater ability to compromise the network before launching the Ryuk ransomware.
The group has also been observed using the ZeroLogon vulnerability, which allows an attacker to compromise a domain controller server within seconds. That makes lateral infection of corporate endpoints very easy.
According to various law enforcement agencies, attacks are increasing against healthcare organizations:
"'CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats," the advisory states.'"
At the same time, ransomware attacks have been increasing more in the second half of 2020 than the first half, according to a report by Check Point.
The United States saw nearly a 100% increase in ransomware attacks in Q3 compared to Q2.
Overall, this makes for an alarming trend of targeted ransomware attacks that utilize high sophistication and professional tools for attack. We need to all be on our guard right now.