Universal Health Services Reports $67 Million Loss To Ryuk Ransomware

Ransomware damages can be a huge chunk of a company’s yearly expenditure, and the number is often alarming. This is the case with Universal Health Services (UHS), which revealed it had been the victim of a large ransomware attack in September 2020. The attack came from the infamous ransomware strain Ryuk and cost the company $67 million.

UHS is a major healthcare provider, a Fortune 500 hospital that provides private services to 3.5 million patients in over 400 healthcare facilities across the US and the UK.

Delays in services since September prompted many to speculate whether a cyberattack had taken place. UHS had previously declined to comment on the matter but revealed the breach in the company’s earnings report on February 25th.

When its systems were infected, UHS was quick to disconnect internal servers from the network to halt the spread of the ransomware. Gradually, the company began to move patient data via backups to new servers. This led to a notable slowdown in its services.

“The substantial majority of the unfavorable impact was attributable to our acute care services and consisted primarily of lost operating income resulting from the related decrease in patient activity as well as increased revenue reserves recorded in connection with the associated billing delays,” UHS stated.

“Also included were certain labor expenses, professional fees and other operating expenses incurred as a direct result of this incident and the related disruption to our operations.”

“We also incurred significant incremental labor expense, both internal and external, to restore information technology operations as expeditiously as possible.”

UHS went on to state that patient data was delivered safely from the infected systems.

Ryuk’s Ransomware Campaign

We have mentioned Ryuk in a previous article, and it continues its attack campaign, mostly against hospitals and other healthcare providers.

Ryuk is a highly sophisticated form of malware. Several organizations are suspected of being behind it, ranging from Lazarus Group to groups in Russia.

Besides its technical complexity, Ryuk is also notable for demanding much higher ransoms than its predecessors. In its lifetime so far, it has impacted many businesses and organizations globally, often enriching the hackers behind it.

Ryuk is usually deployed via trojans like Emotet. Unlike its peers, Ryuk does not strike immediately; it takes several days and sometimes weeks to become apparent to the user. In this seemingly dormant time, Ryuk makes several changes to the user’s operating system to ensure its success.

One of these operations is to disable all Windows System Restore and Windows Registry functionalities, guaranteeing that IT teams can’t restore machines to a previous, safer state. Ryuk also uses the host’s network to infect other devices found on it. In a hospital or corporation, this means entire buildings can be infected in a short space of time.

The team at UHS was likely aware of Ryuk’s capabilities and had recent backups created. While they have not detailed much of their team’s response for security reasons, it looks like they acted quickly to transfer data before Ryuk could take full control.

Hospitals As Targets For Ransomware

Ryuk stepped up its campaign against hospitals last year, hitting roughly 20 companies affiliated with healthcare every week during the third quarter of 2020. It is not the only ransomware strain involved in targeting hospitals.

Hospitals make the ideal target for ransomware; they hold massive amounts of sensitive patient personal information, which, if seized by hackers, can be sold easily on the dark web. They usually operate on interconnected networks, which allows ransomware to propagate quickly. Add to these issues the financial backing healthcare has, and the whole industry has a digital bullseye on its back.

The pandemic added fuel to this fire; with more hospitals switching to online services, additional attack vectors opened up for hackers.

A 71% increase in attacks against hospitals last year prompted the FBI to issue a warning report.

Protection Against Ransomware

Healthcare isn’t the only target for ransomware; the majority of ransomware cases take place against smaller businesses and family homes.

As attacks ramp up, it’s important to use the tools out there to protect your business and your family online. One of these tools is SaferNet.

SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always-on, military-grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories.

Typically, a business or family would need 3 separate services for a VPN, malware protection, and internet controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employees’ or family members’ devices, including activity, time spent online, and threats blocked.
