Ryuk ransomware operators target hospitals during coronavirus pandemic

Ryuk ransomware operators target hospitals during coronavirus pandemic

The operators of infamous Ryuk ransomware continue to target hospitals, despite the challenges these organizations are already facing as a result of the coronavirus pandemic.

On March 26, a security expert going under the moniker PeterM, tweeted that a United States-based healthcare provider had been targeted by Ryuk’s ransomware. PeterM stated that the cyber offensive “looks like a typical Ryuk attack.”

“I can confirm that #Ryuk ransomware are still targeting hospitals despite the global pandemic. I'm looking at a US health care provider at the moment who were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP,” the researcher said.

"Looks like a typical Ryuk attack at the moment, they deployed the ransomware with PsExec," PeterM added.

According to Vitali Kremez, head of SentinelOne's research division, over the past month Ryuk ransomware has hit 10 healthcare organizations, two of which are independent hospitals and another is a healthcare provider with a network of 9 hospitals in the USA.a

Earlier this month DoppelPaymer and Maze ransomware operators stated that they will hold back from attacking medical organizations during the current coronavirus pandemic.

Back to the list

Latest Posts

Cyber Security Week in Review: July 4, 2025

Cyber Security Week in Review: July 4, 2025

In brief: Google patches Chrome 0Day, the US is on the hunt for North Korean IT workers, and more.
4 July 2025
AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025