Hackers Target Hundreds of Hospitals With Ransomware

November 13, 2020

According to security researchers, a hacking group is targeting U.S. hospital systems with Ryuk ransomware. Several federal agencies warned hospitals and cyber-researchers about “credible” information “of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory outlining the situation and warned that the ransomware might be used “for financial gain.” 

Ransomware is a computer virus that locks computers until payment is waged for a decryption key. It works by infecting a computer, encrypting all the files, and victims have to pay the hackers (usually in Bitcoin) to release the data; otherwise, the files are deleted permanently. When doctors are conducting emergency surgery and seeing patients, these attacks can potentially cause real-world harm. 

FireEye Inc., a cybersecurity company, reports a “coordinated” ransomware attack had hit multiple hospitals across the U.S. The computer virus warning comes as the coronavirus pandemic surges across the country with increased cases and hospitalizations. 

A financially-motivated cybercrime group (dubbed UNC1878 by security researchers) carried out the attack, according to FireEye’s Chief Technology Officer of Strategic Services, Charles Carmakal. Multiple hospitals have been hit over the past several weeks, and the cybercrime group intends to deploy ransomware to hundreds of other hospitals soon.

“We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States. UNC1878, an Eastern European financially-motivated threat actor, is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers,” Carmakal said. 

Hospitals are not the only victims of these virus attacks. Retirement communities and other medical centers have been targeted as well. UNC1878 surpasses computer security by sending phishing e-mails to victims. The messages appear to be featuring a real Google Docs file, but they are linked to a malicious payload in reality. In some cases, these e-mails seem even more realistic as they contain the recipient’s name, employer, and even corporate logos. 

For more information about the ransomware attacks, read the full article on TIME’s website. To protect your home or office from ransomware attacks, contact Creative Programs and Systems today. We specialize in managed IT for healthcare and can help thwart these attacks.

Founded in 1994, Creative Programs and Systems provides professional results for all computer needs. We design, create, and code an array of custom software programs and websites; implement internet marketing strategies for enhanced Search Engine Optimization (SEO) results; repair and provide support for computers of both residential and professional nature; build custom systems and servers, and offer secure data backups. Need assistance or want to learn more? Call us at 810-224-5252 or e-mail info@cpsmi.com.

Written by the digital marketing staff at Creative Programs & Systems: www.cpsmi.com.