Recently, U.S. Government Agencies such as the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) advised that Russian hacking groups are actively mounting a campaign targeting the U.S. healthcare industry. The attackers are thought to be leveraging the TrickBot malware to propagate ransomware infections across such organizations.
The attacker groups have been known to leverage the Ryuk ransomware strain. This particular variant has recently hit major organizations such as hospitals in Pennsylvania and an Alabama hospital chain. Ryuk is believed to have been created by North Korean cyber-criminals; it leverages Windows SMB protocols to laterally move throughout network segments and the attacker groups are known to destroy or delete data backups.
If your organization is a healthcare entity, you may be the potential target of one of these ransomware attacks. To reduce your risk, you should follow appropriate steps to ensure that such attacks do not affect your organization.
Following these precautions does not make your organization invincible to ransomware or other cyber-attacks. However, these steps may prove to be the factor that saves you and your organization from undue damage. The attackers are creating advanced campaigns that will likely use phishing attacks, remote access compromise, and drive-by malware downloads.
If your organization can't take on these items along, engage with the team at IGI Cybersecurity to lay out a plan and improve your cyber defense.