Hospitals still targeted by the Ryuk Trickbot Ransomware

November 23, 2020

As the battle against the Covid-19 pandemic continues, so does the exploitation of health institutions, many of which are being compromised by adversaries. According to a recently submitted report, based on a collaborative investigation by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, and the Department of Health and Human Services of the United States, almost 2 dozen health care institutions in the region have been victimized by the Russian adversary through the Ryuk ransomware.

Operating since 2018, Wizard Spider, the adversary behind the Ryuk ransomware, became more noticeable this year as they repurposed their malicious code to capitalize on the global pandemic. Prominent cybersecurity entities have sounded the alarm to many healthcare services following the recent news that Universal Health Services was crippled by a Ryuk attack in which 250 health institutions and clinics across the United States were impacted early this year. Statistics show that the amount demanded from victims rose from 5000 USD in 2018 to 200,000 USD, with a few demands ranging into the millions this year.


The in-depth analysis confirmed that the Ryuk ransomware has been deployed on targeted institutions through compromised devices added via the Trickbot network.


Some institutions are believed to have already been baited and to be just awaiting a command from the threat actors. Once triggered, the ransomware will automatically encrypt the affected systems and demand the ransom.

Health institutions usually heed the adversary's demands to ensure that their operations are not halted for an extended period. Lives are at stake every minute that they are unable to process treatment requests. Despite the current situation, these adversaries go on with their inhumane activity to gain profit, even though many patients suffer from delayed treatment.

According to many cybersecurity experts, the extent of the trouble caused by the attackers has created an immensely chaotic situation, and the report also confirmed that the ransomware attack reached some parts of Canada. The cyberattack is already considered the most alarming and harmful that has been experienced in the US region.

The government and many concerned cybersecurity experts have already released a list of indicators of compromise (IOCs) to support mitigation plans in battling the Ryuk infestation. A few of those infected are now being helped to perform a network cleanup, while others are being helped with possible counter-attacks.

Due to these numerous attacks, the cybersecurity expert community condemns Russia for allowing such inhumane activity within its territory. The community is already calling for an entity that will serve as a centralized body to force each government to intensify the war against cybercrime, especially those involved in ransomware activity, as global cooperation is the only solution to this worsening scenario.
