Ryuk Ransomware and the UHS Medical System Attack

 

Last week the big news story was about ransomware crippling the UHS medical system. 

The suspected ransomware involved was the Ryuk ransomware that is known for spreading both through IoT devices (including routers) as well as through phishing.  Both attack vectors have seen increased usage by hackers due to the pandemic and the work-from-home environment we now live in.  Further, hospitals in general have suffered a loss of profit due to lower numbers of elective surgery – which has led to staffing reductions – including security. 

The Ryuk ransomware has been known to utilize vulnerabilities both targeting the user (i.e. Internet Explorer) as well as infrastructure (such as routers) to spread.  What is interesting is all the vulnerabilities used by the ransomware are fairly old, yet have experienced a resurgence of hacker interest due to the pandemic.  Today’s video blog looks at several of these vulnerabilities and their associated threat activity over the past few months. 

 

ryuk

 

Vulnerabilities such as these are the exception rather than the rule – and they are all knowable.  Focusing efforts on the most threatened vulnerabilities not only reduces the likelihood of a breach but yields efficiencies in security operations.  Check out our new e-book: Do More with Less to learn how to increase efficiencies while reducing risk in the COVID-19 environment.