Last week, the FBI chief put the threat posed by ransomware on par with the 9/11 attacks. If that seemed like hyperbole, an investigation by the Wall Street Journal might shed some light on his thinking. The newspaper catalogs 235 attacks on hospitals and psychiatric centers in the US since 2018, plus dozens more on other health care facilities, by one Eastern European outfit alone. The attacks by the collective known as Ryuk (after their software) are devastating and potentially life-threatening: Hackers shut down vital hospital systems and ignore the resulting life-or-death pleas. As the story explains, hospitals are the perfect target: Their security systems are notoriously lax, and the high stakes (patients' lives) makes them susceptible to the pressure of paying a ransom for a quick fix.
Cybersecurity experts say some ransomware operations avoid hospitals in principle because lives are on the line. Ryuk, formerly known as the Business Club, has no such qualms. “They do not care. Patient care, people dying, whatever. It doesn’t matter,” Bill Siegel of the ransomware recovery firm Coveware tells the newspaper. “Other groups you can at least have a conversation. You can tell them, ‘We’re a hospital, someone’s going to die.’ Ryuk won’t even reply to that email.” Sometimes hospital officials will plead poverty, only to receive a terse email with financial records proving the contrary. Ryuk now appears to be "renting" new software known as Conti to other hackers in exchange for a cut of ransoms. Conti has been blamed for a strike on Ireland's health care system last month, as well as 16 attacks in the US on hospitals, 911 call centers, and the like. (Read the full story.)