Ryuk ransomware does not leave hospitals alone despite the fact that doctors are already busy with Coronavirus disease patients
Since the end of 2019, hospitals worldwide are having a hard time dealing with Coronavirus-infected patients and also trying to protect themselves. According to cybersecurity researchers, Ryuk ransomware developers still do not cancel their plans and keep targetting hospitals even during hard times such as COVID-19. This type of news was also confirmed by PeterM from Sophos:
I can confirm that #Ryuk ransomware are still targeting hospitals despite the global pandemic. I'm looking at a US health care provider at the moment who were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP.
It appears that the only goal of this ransomware's creators is to collect money and they do not care that others are already suffering and struggling with worldwide problems. Another report came from Vitali Kremez from SentinelOne. The man has claimed to have spotted Ryuk ransomware launching attempts against tens of healthcare firms.
Some good news is that not all hackers think alike. The spreaders of Maze and DoppelPaymer ransomware have claimed that they stopped targetting hospitals due to COVID-19 because now their main goal is to help sick people. Nevertheless, Maze bad actors have even given back encrypted information to one pharmacy-based firm as proof of their word.
The malware has been already used in multiple attacks since its release
Hospitals are not the only target of Ryuk ransomware and never were. At the end of last year, the malware ended up infecting the network of a Maritime Transportation Security Act regulated facility. The ransomware-related payload was delivered through a phishing email message in the form of a hyperlink. One of the employees clicked on the embedded link and launched the malware infection straightly on the system where files got encrypted.
Another Ryuk-related incident that also occurred at the end of 2019 was related to Pemex, an oil provider. The ransomware managed to end up on the company's system this way disconnecting the Internet from the network and causing big losses – the disabling of crucial tasks. Other malicious attacks were raised against Prosegur, New Orleans servers, and many other well-known organizations and firms.
Getting yourself protected from ransomware attacks
Even though we are currently talking about ransomware hitting big companies, these cyber threats also target regular users when they expect it the least. Mostly, such malware is spread through phishing email messages that come with misleading attachments or hyperlinks. Always try to identify the sender, check the received letter for possible grammar mistakes, and never open any attached file without performing a malware scan on it.
Of course, it is essential to have a reliable antimalware program on your computer system, otherwise, you can fail to protect your machine properly. To continue, avoid downloading software cracks such as key generators and other components from p2p networks as these sources can also be ransomware distribution places.