The British IT security firm Sophos tweeted that Ryuk’s ransomware had targeted a United States-based healthcare provider. Hospitals are already facing intense pressure due to the ongoing global pandemic as the number of COVID 19 positive continue to increase exponentially.
Ransomware operators Maze and DoppelPaymer would no longer target hospitals.
According to cybersecurity publication, BleepingComputer published a report after contacting seven ransomware operators to ask if they would continue to target hospitals despite the COVID-19 outbreak. Out of seven, only two ransomware operators, Maze and DoppelPaymer, said that they would no longer attack the hospitals. Maze later decrypted the data that it had stolen from a drug testing company that it had targeted before the pandemic.
I can confirm that #Ryuk ransomware are still targeting
hospitals despite the global pandemic. I'm looking at a US health care provider at the moment who were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP.
— PeterM (@AltShiftPrtScn) March 26, 2020
Ryuk ransomware has attacked at least ten hospitals in March.
Earlier, Bleepingcomputer reported that software security firm SentinelOne had identified at least ten instances of Ryuk targeting at least ten healthcare organizations in the month of March, including one attack on a network of 9 hospitals. The coronavirus outbreak has overwhelmed hospitals in several countries all over the world, and getting targeted with ransomware is the last thing hospitals want. So far, over 700,000 people have been tested positive for COVID 19 all over the world, and over 37,000 people have lost their lives.