Last week, we talked about how Bleeping Computer contacted the operators of such well-known cryptographers as Maze, DoppelPaymer, Ryuk, Sodinokibi (REvil), PwndLocker and Ako, and asked them if they would continue in such difficult times for the whole world. attack medical facilities and organizations.
The hacking groups behind the development of DoppelPaymer and Maze reported that they would stop working with any medical organizations and institutions until the pandemic, and DoppelPaymer operators even promised to decrypt the data for free if the attack accidentally affects doctors.
Now Bleeping Computer informsthat far from all hack groups are ready to stop attacks during the coronavirus pandemic. For example, Ryuk ransomware operators are definitely not going to stop. Although Malvari’s operators didn’t answer last week for a reporter’s request, an expert at Sophos told Twitter on Wednesday that an unnamed medical facility in the United States was attacked by a cryptographer.
I can confirm that #Ryuk ransomware are still targeting
hospitals despite the global pandemic. I'm looking at a US health care provider at the moment who were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP.
– PeterM (@AltShiftPrtScn) March 26, 2020
In turn, the head of the research department of SentinelOne Vitaly Kremez told the publication that over the past month he had seen Ryuk attack at least 10 medical organizations. Of these, 2 were independent hospitals, and another was a health care network, which included 9 hospitals in the United States. According to Bleeping Computer, one of the hospitals is located in an area where the situation with the number of cases is very difficult.
“Not only have they not stopped attacking healthcare targets, we are also seeing an ongoing trend of attacks on healthcare organizations in the midst of a global pandemic. While some extortion groups at least participated in a dialogue on ending extortion in the health sector and admitted that everyone understands, Ryuk operators are silent and harassing medical organizations and institutions, despite our calls to stop, ”says Kremez.