back to article Ryuk this for a game of soldiers: Ransomware-flingers actively targeting hospitals in the US, cyber agencies warn

Ryuk ransomware is being aggressively deployed to target US healthcare institutions, government cyber organisations in the US have warned. "CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers," the cybersecurity, investigative, and healthcare …

  1. Anonymous Coward
    Anonymous Coward

    Ransomware, tsch! The bad guys would probably find it much more profitable if they managed to mess with the billing systems in US healthcare institutions, to try to insert a few spurious charges of a couple of thousand dollars per procedure here and there.

    I imagine they could continue doing this for years without detection... if I have understood correctly, standardised "billing errors" are considered a feature not a bug, so the institutions would be likely to aggressively ignore any complaints.

    1. beep54

      You probably shouldn't be giving them ideas.

      1. Version 1.0 Silver badge

        He's anonymous, maybe he's just telling us what he's doing?

  2. Little Mouse

    Risky strategy?

    Is the "healthcare system" viewed as a National Institution in the US like it is in the UK, or is it just seen as a disparate group of businesses and corporate entities?

    In the UK at least, I'd assume that any plan to actively & deliberately cripple NHS targets would be considered a national terrorist threat, even if the motive was just money, and not ideological.

    Under the current climate, waking up with a bullet between the eyes would surely be a very real consideration for anyone attempting it.

    1. AGeezer

      Re: Risky strategy?

      It could easily be considered as a terrorist threat, and much worse. I believe there is a case in Germany where they are treating ransomware attacks as Murder. If this extends to multiple deaths, who knows it could be considered Genocide.

      Either way, targeting healthcare like this is the lowest of the low, I can only hope that they are denied urgent medical treatment as a result of their own ransomware attack.

    2. a_yank_lurker Silver badge

      Re: Risky strategy?

      It is not a national institution in the US but I think ransomware attacks would be poorly received. This is especially true if there any patient deaths because of an attack. If this happens, the miscreants had better hope the death did not happen in a state with the death penalty. I know some countries will not extradite to states with the death penalty normally but I wonder if they would make an exception.

      1. Danny 2 Silver badge

        Re: Risky strategy?

        I upvoted you because the miscreants certainly deserve it, but...

        The main trouble with the death penalty is it is very hard to appeal, and we (all of our nations) have a long history of executing innocent people.

        Now if the miscreant had admitted it proudly in court it and there was damning proof then that would be tempting, but there's another argument. Life imprisonment without chance of release is a harsher punishment than a death sentence.

  3. six_tymes

    ah those Iranians and Pakistanis at it again, they always have to make everyone as miserable as they are.

    1. Citizen of Nowhere

      Actually, RYUK comes from the folks who own your President.

    2. Version 1.0 Silver badge
      Boffin

      "those Iranians and Pakistanis at it again'

      LOL, you think that just because the bitcoin request comes via an IP address in those countries that they did it? Maybe ... but it's quite easy to hack a system in one country and redirect your attack to another so unless you can walk back through every set of system logs you have very little chance of knowing where the attacks actually originated.

  4. IGotOut Silver badge

    Targeting Hospitals?

    I doubt many are. They are just firing out emails to everyone and anyone.

    Chances are some of these attacks are people picking up personal emails on work machines.

    1. a_yank_lurker Silver badge

      Re: Targeting Hospitals?

      Most ransomware relies on social engineering to work. So for me to open an email and especially an attachment both have to be the type email and document I would expect from the sender. And I do not mix work and personal emails; this is both a personal practice and a company requirement.

    2. Little Mouse

      Re: Targeting Hospitals?

      If the vector is email, then it's very believable that an attacker would target domain names of companies (in this case, hospitals) that a) have lots to lose, and b) have access to big-figures money.

      USA medical institutions = $$$. Random individuals, much less so.

      Plus, they're far less likely to be blocked by spam filters if they minimise the amount of spam they send out. You can't do that effectively if your attack isn't targeted.

  5. jelabarre59 Silver badge

    but with Ryuk

    You know what they say about "an apple a day"...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021