Ryuk ransomware causes chaos in giant UHS hospital network

Ransomware might not be new to our ears but, save for some high-profile cases like Garmin's last July, most of the news revolved around companies or unwitting individuals being hit by the malware. Those, however, have never been the only targets and things take an even worse turn when health care facilities become the victims. Such was the case last Sunday when Universal Health Services, one of the largest hospital networks operating in the US, had to resort to pen and paper after several facilities' computer systems shut down and refused to start up due to a ransomware attack.

In the middle of the night on Sunday, UHS hospitals across the country abruptly shutdown. UHS confirmed it has an IT security issue that forced it to take its computer networks offline but didn't confirm or deny that it was related to ransomware. Employee testimonies, however, pointed to how files were being renamed with the ".ryk" extension that has been associated with the Ryuk ransomware.

Ryuk was originally attributed to North Korean actors but was later believed to have originated from Russia instead. The main actor for the ransomware seems to have faded into the background last April but has apparently resurfaced. But while many ransomware cybercriminals vowed not to touch hospitals, Ryuk's users had no such qualms.

Hitting health care institutions and facilities becomes more than just a matter of holding medical and private patient files hostage. Bringing a computer-based system down naturally disrupts hospitals' operations, causes delays, and puts lives at risk. In what may be the first case of its kind, a patient with a life-threatening illness in Germany died after a ransomware attack on a nearby hospital forced her to be taken somewhere farther.

Ransomware incidents have risen in the past months, especially as more and more people become even more reliant on computers and the Internet during this pandemic. Simple phishing scams, which may have been the origin of this particular incident, have become more common and with lives at stake, the chances of a payout from such ransomware attacks are even greater.