Trickbot malware with Ryuk ransomware has attacked at least five U.S. hospitals this week, at the height of the Coronavirus pandemic. In a statement, three federal agencies, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Health and Human Services, disclosed that they had obtained “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The malware is capable of data theft and can disrupt healthcare services. According to the cybersecurity officer at VMware Carbon Black, the Russian cybercrime cartel is allegedly behind the development and distribution of Trickbot and Ryuk.
Forbes: The malware attacks appear to be timed to take advantage of the disruptions caused by the Covid-19 pandemic
Forbes reports that Trickbot malware with a Ryuk ransomware payload locks up machines until the hospitals pay a ransom exceeding $1 million.
According to CISA, FBI, and HHS, the malware attacks pose an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” which is why they are sharing this information to warn healthcare providers “to take timely and reasonable precautions to protect their networks from these threats.”
The malware is launched when employees click on an infected link. Those links arrive in documents that look like internal communications and contain attachments from Google Docs or PDF files.
Associated Press: Malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.”
In a similar report from the Associated Press, the attacks involve a particular strain of ransomware, which scrambles a target’s data into gibberish until they pay up. Previous such attacks on health care facilities have impeded care and, in one case in Germany, led to the death of a patient.
Independent security experts say that four health care institutions have been reported hit by ransomware so far this week, three belonging to the St. Lawrence Health System in upstate New York and the Sky Lakes Medical Center in Klamath Falls, Oregon.
Alex Holden, CEO of Hold Security, said the Russian-speaking group behind recent attacks was demanding ransoms well above $10 million per target and that criminals involved on the dark web were discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.