Last week, Universal Health Services, confirmed that the ransomware attack on their networks on September 27th affected computers at all of their US care sites and hospitals. The ransomware that hit UHS, one of the largest health systems in the US, is the infamous Ryuk, which has been wreaking havoc in targeted ransomware attacks since 2018. During the attack, the Ryuk began shut down systems in the emergency department, as well as additional systems causing some ambulances had to be diverted, and lab test results became delayed. Technicians at some UHS-owned facilities described reverting to pen-and-paper during the attack.

During the initial attack hours, when the UHS country-wide outage began, staff searched the internet to try and find out what was wrong with their systems. Their posts on Reddit shed light on some of the ransomware’s damages – outages to computer systems, phone services, the internet, and data centers across their 250 US hospitals.

Highly targeted ransomware attacks have definitely become a thing in the last few years. While the threat used to be sprayed around pretty much everywhere, trying to cash in whichever victims they could get, today’s threat landscape boasts a number of very advanced and evasive ransomware variants, operated by skilled cyber gangs. Ransomware attack tactics in 2020 include reconnaissance, a targeted breach of the victim’s network (often via phishing), propagation throughout the network, and sometimes even tailored ransomware capabilities based on the victim. With the enormous variety of machine types in hospitals and health-related organizations, healthcare providers should make ensure that they are thoroughly protected against cyber attacks, and in 2020 it seems – most especially against ransomware.

ThreatSTOP protects its users from ransomware. If you are already a ThreatSTOP customer, make sure to include our Ransomware and Ransomware IPs Bundles in your policy.