In late 2020, the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) warned hospitals and healthcare providers of a looming ransomware threat attributed to cybercriminals from Eastern Europe. The organizations claim to have received credible intelligence that hackers are targeting the healthcare sector with TrickBot malware in attacks that result in data theft and disruption of healthcare services.
The alert mentions TrickBot, particularly the anchor evasion detection modules used in hacks aimed at high-profile organizations, and Ryuk ransomware, which can be delivered using the TrickBot botnet. Both TrickBot and Ryuk ransomware have been linked to Russia.
Ryuk Causes Mayhem in 2020
According to security firm SonicWall, ransomware attacks have surged in 2020 with Ryuk ransomware playing a major role globally. The firm noticed malware infections reached a whopping 4.4 billion during the first three quarters of the year. Although that represented a 39% decline from 2019, ransomware incidents rose by 40% during the same timeframe with a total of 199.7 million incidents reported. A third of these attacks were attributed to the Ryuk strain.
Only 5,123 Ryuk ransomware attacks were recorded during the first three quarters of 2019, compared to 67 million during 2020. Although it’s a relatively new strain, Ryuk ransomware has already evolved from a derivative of the Hermes 2.1 strain and a payload for banking Trojans such as TrickBot into one of the most widely used hacking tools in phishing campaigns against organizations that include healthcare facilities.
Data-Related Attack Compromises 3.5 Million US Medical Patients
According to Dirk Schrader, the global vice president at New Net Technologies, the results of 13 million medical exams involving an estimated 3.5 million U.S. patients are currently unprotected and available to anyone on the Internet. These records can be accessed via an app that can be downloaded from the Internet. The records were found on files that are still actively updated and provide an opportunity for criminals to execute identity theft, including medical identity theft, personal extortion, and healthcare company breaches.