Show vulnerabilities with patch / with exploit
31 March 2020

Ryuk ransomware operators target hospitals during coronavirus pandemic


Ryuk ransomware operators target hospitals during coronavirus pandemic

The operators of infamous Ryuk ransomware continue to target hospitals, despite the challenges these organizations are already facing as a result of the coronavirus pandemic.

On March 26, a security expert going under the moniker PeterM, tweeted that a United States-based healthcare provider had been targeted by Ryuk’s ransomware. PeterM stated that the cyber offensive “looks like a typical Ryuk attack.”

“I can confirm that #Ryuk ransomware are still targeting hospitals despite the global pandemic. I'm looking at a US health care provider at the moment who were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP,” the researcher said.

"Looks like a typical Ryuk attack at the moment, they deployed the ransomware with PsExec," PeterM added.

According to Vitali Kremez, head of SentinelOne's research division, over the past month Ryuk ransomware has hit 10 healthcare organizations, two of which are independent hospitals and another is a healthcare provider with a network of 9 hospitals in the USA.a

Earlier this month DoppelPaymer and Maze ransomware operators stated that they will hold back from attacking medical organizations during the current coronavirus pandemic.

Back to the list

Latest Posts

Vulnerability summary for the week: May 29, 2020

Vulnerability summary for the week: May 29, 2020

Weekly vulnerability digest.
29 May 2020
Japan defense data may have leaked after cyber attack on Japanese telecommunications giant NTT

Japan defense data may have leaked after cyber attack on Japanese telecommunications giant NTT

NTT Communications said hackers gained access to its internal network and stole information on 621 customers.
29 May 2020
Sandworm hacking group exploiting Exim flaw since at least 2019

Sandworm hacking group exploiting Exim flaw since at least 2019

The NSA is urging system administrators to update Exim by installing version 4.93 or newer to mitigate the vulnerability.
29 May 2020