Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking, the Associated Press has reported.
In a joint alert Wednesday, the FBI and two federal agencies said they had credible information of “an increased and imminent cybercrime threat” to U.S. hospitals and health care providers. The alert said malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.”
Independent security experts say the ransomware, called Ryuk, has already impacted at least five US hospitals this week and could potentially affect hundreds more. Four health care institutions have been reported hit by ransomware so far this week, three belonging to the St. Lawrence Health System in upstate New York and the Sky Lakes Medical Center in Klamath Falls, Oregon.
The hacks involve a strain of ransomware, which scrambles a target’s data into gibberish until they pay up, said the report.
Once Wizard Spider has access to its target network, has conducted reconnaissance and established the persistence it needs to drop Ryuk, the ransomware uses AES-256 to encrypt files and an RSA public key to encrypt the AES key, according to a Computer Weekly news report explained.
“A .bat file is also dropped that will try to delete backup files and stop the victim from getting their files back without the needed decryption program,” it said.
It will also try to shut down or even uninstall local cybersecurity tools that might stop Ryuk from executing – which, according to the CISA, is usually done via an automated script, although there appears to be a manual failsafe should that not work.
Previous such attacks on health care facilities have impeded care and, in one case in Germany, led to the death of a patient. But such consequences are still rare, said AP.
The news will undoubtedly flame fear in the US healthcare system as the US sees COVID cases rise.
Coronavirus-related deaths in the US have begun to rise to levels not seen since the summer outbreak in the American sunbelt, with fatalities reaching a new high on Tuesday in the hard-hit state of Wisconsin, reported the Financial Times.
Call for cyber experts
Cybersecurity specialists will be in high demand as the country prepares itself for more cyber attacks. The UK’s National Health System would be wise to put additional measures in place to avoid similar attacks or alleviate the damage caused.
Cyber education will be integral to this task, and cyber security contractors could be in high demand to provide these services to both public and private clients.
The UK’s NCSC has previously published an advisory on Ryuk ransomware campaigns targeting organisations globally, providing details of links to Emotet and Trickbot infections and mitigation advice.
Click here for some tips for staying safe online.