Ryuk is Back and Actively Targeting U.S. Healthcare Organizations

This week, the United States FBI, HHS, DHS, and CISA each released critical information regarding Ryuk, an imminent ransomware threat actor actively targeting U.S.-based healthcare organizations.

Ryuk

The operators of Ryuk are a sophisticated and fast-moving Ransomware-as-a-Service crime syndicate using the ransomware variant known as ‘Ryuk ‘. This crime syndicate has reportedly collected more than $61 million in ransom in 2019. Avertium threat detection analysts at our CyberOps Centers of Excellence have encountered this threat actor multiple times recently and these cyber threat intelligence report details are known information about the actor, how to prevent an attack, and how to detect the actor prior to being the victim of a crippling incident. We strongly recommend careful review of this report to ensure your systems are configured to prevent and detect the indicators referenced in it.

Additional Caution

We are cautioning all cybersecurity teams to be wary of any suspicious or anomalous behavior observed in their systems. Often, our experts have seen ransomware attacks preceded by large amounts of network traffic, odd behavior or instability in server infrastructure - particularly domain controllers - and large amounts of data leaving the victim network.

Traditional Anti-virus/Anti-malware Ineffective

Traditional antivirus/antimalware is often unsuccessful at preventing ransomware variants like Ryuk. If you are not yet using an advanced anti-ransomware Endpoint Detection and Response (EDR) tool, you may be left unprotected.

If you suspect you are currently experiencing the precursor of an attack, or have discovered a ransom note or if you are in need of guidance on strategies to protect yourself prior to an attack, please reach out to us as soon as you possibly can at 1-877-707-7997 Option 4.

Avertium Managed Services Customers

Please know that our monitoring platforms have been configured to detect the indicators highlighted in our article and that our team of CyberOps Analysts is operating under a heightened level of vigilance.

Recommended Additional Reading

• https://attack.mitre.org/software/S0446/
• https://thedfirreport.com
• https://otx.alienvault.com/pulse/5f99dd6b17da45dfb9dc296e