This article was published on October 7, 2019

US hospitals opt for paying hackers to survive Ryuk ransomware attack


US hospitals opt for paying hackers to survive Ryuk ransomware attack

Cybercriminals are targeting hospitals across the globe with ransomware. Some of the hospitals are giving in to the attackers’ demands and paying the requested ransom, likely in cryptocurrency.

Over in the US, Alabama-based DCH Health System said it paid the hackers after the attack severely disrupted operations at three hospitals, the Tuscaloosa News reports.

Specifically, computers at the DCH Regional Medical Center in Tuscaloosa, Fayette Medical Center, and Northport Medical Center were infected from October 1 onwards. DCH Health System said there was no indication that patients records had been compromised.

It comes after the Federal Bureau of Investigation (FBI) issued a warning highlighting that the number of sophisticated attacks on businesses and state and local government, was on the rise.

Although no group has claimed responsibility, it’s being reported that Ryuk, which the UK‘s National Cyber Security Centre previously said could become a global threat, is the specific ransomware variant behind the attacks.

Security firm Crowdstrike says evidence suggests Ryuk attacks may be coordinated by a criminal group in Russia operating as Wizard Spider, which as of January this year had managed to net $3.7 million worth of Bitcoin.

Worryingly, FBI Flash said in May that cybercriminals had targeted over 100 US and international businesses with Ryuk ransomware since August 2018.

Indeed, the spread of the ransomware seems to have become a global issue. Over in Australia, seven hospitals in Gippsland and south-west Victoria, have also reported ransomware infections.

The ransomware attack caused the hospitals to disconnect multiple computer systems, meaning that some patient records, booking, and management services were offline.

Just last week, Hard Fork reported on how a hacker was holding computer systems in the southern Spanish city of Jerez de la Frontera to ransom.

The attack, which reportedly began last Tuesday, had at the time already caused service outages for the city’s website.

How does Ryuk work?

Put simply, Ryuk is a Trojan virus that encrypts files on a compromised computer and then demands payment, typically in Bitcoin, to decrypt them.

Generally speaking, the ransomware is used to target large organizations, with significant annual revenue, in hope of getting larger ransoms from the victims.

Back in April, ransomware support firm Coveware’s report said cryptocurrency payments made to attackers had increased almost 90 percent in Q1 2019 over the previous quarter – an increase largely attributed to Ryuk, which typically demanded around $288,000 per attack.

Want more Hard Fork? Join us in Amsterdam on October 15-17 to discuss blockchain and cryptocurrency with leading experts.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with