FBI Warns Healthcare Sector of Increased Ransomware Activity Commanded by Ryuk Gang

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint advisory warning the healthcare sector of increased attacks by ransomware threat actors.

In the notice (AA20-302A) the feds claim they “have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sector (HPH) to infect systems with Ryuk ransomware for financial gain.

“CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats,” the advisory states. “CISA encourages users and administrators to review CISA”s Ransomware webpage for additional information.”

Threat actors are said to be targeting the HPH sector with Trickbot malware leading to ransomware attacks, data theft, and the disruption of healthcare services, according to the notice. CISA and the FBI believe these targeted attacks will only be exacerbated by the current pandemic, “therefore, administrators will need to balance this risk when determining their cybersecurity investments.”

AA20-302A includes a bit of history behind the malware employed by threat actors, followed by a long list of technical details for administrators to use to better understand the hackers” breach tactics, complete with indicators of compromise. Three full pages are entirely dedicated to a close inspection of the Ryuk ransomware.

CISA, FBI, and HHS encourage the HPH organizations to maintain business continuity plans and identifying and addressing their security gaps to help keep them functioning during cyberattacks or other emergencies. A list of mitigation steps is also provided to IT administrators in the healthcare industry, including network best practices, ransomware mitigation, and user awareness tips.

The FBI recites the don”t-pay mantra saying, “Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”

Healthcare organizations are instructed to keep regular, password-protected, offline backups of their data, and to have a recovery plan at hand.