Ransomware Attacks & Their Impact on a COVID-19 World -- By Teen Cyber Student Crew Writer Rhea Jethvani


AUTHOR: Rhea Jethvani


Cyber Student Crew (previously Project Cyber) is proud to publish our first article written by teen member & writer Rhea Jethvani!




At a time of global health crisis, hospitals are struggling to combat both the COVID-19 pandemic and widespread ransomware attacks.

As the coronavirus pandemic becomes a more imminent threat to countries all around the world, hospitals are under more pressure than ever. On top of that, even more data is being stored on hospital servers, including Personally Identifiable Information (PII), government records, and employee accounts.

In September of this year, Universal Health Services, a Fortune 500 hospital and healthcare services provider, had hundreds of its United States systems disrupted by Ryuk ransomware. You may be asking yourself: what is ransomware? Or, more specifically, what is Ryuk ransomware? Let’s break it down.


Ransomware is a form of malware that encrypts files, systems, or networks and prevents access to them. The attacker then demands a fee, usually money in the form of cryptocurrency, in exchange for decrypting them. If a user decides not to pay the ransom, their files could be permanently deleted or corrupted. Although some ransomware attacks are fake and do not actually have any real control over the files, true ransomware attacks are often expensive to resolve and damaging to the data.

Let’s talk about Ryuk ransomware. Ryuk is a fairly new ransomware family used in targeted attacks. With this malware, the threat actors make sure that the essential files are encrypted so that they have more leverage when asking for ransom.

At UHS, the attack was launched during the night to avoid detection before as many systems as possible had been encrypted, and computers were logged out and shut down in less than a minute to prevent access to more of the network. Files were renamed to include the .ryk extension used by Ryuk ransomware, and the screens of impacted computers changed to a note reading "Shadow of the Universe." With no access to anything computer-based, UHS was rendered helpless by an attack that probably originated with phishing. Emotet and TrickBot Trojans were detected, indicating that the attack was spread via phishing emails containing malicious attachments; the malware was downloaded onto the attacked computers and opened a reverse shell to the Ryuk operators. Using tools such as PowerShell Empire or PsExec, Ryuk actors were able to carry out reconnaissance, obtain admin credentials, and deploy ransomware payloads on the network devices.
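The file renaming described above is something defenders can watch for. The following is an added example, not from the original article or its sources: it flags hosts that rename several files to the .ryk extension within a short window. The log format, host names, paths, and thresholds are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-rename events in a hypothetical log format (not real incident data).
SAMPLE_LOG = r"""
2020-09-27T02:14:05 host=WS-014 rename old=C:\Labs\results.xlsx new=C:\Labs\results.xlsx.ryk
2020-09-27T02:14:09 host=WS-014 rename old=C:\Labs\intake form.docx new=C:\Labs\intake form.docx.ryk
2020-09-27T02:14:11 host=WS-020 rename old=C:\Users\kim\draft.docx new=C:\Users\kim\final.docx
2020-09-27T02:14:16 host=WS-014 rename old=C:\Labs\scan01.pdf new=C:\Labs\scan01.pdf.RYK
2020-09-27T02:14:20 host=WS-014 rename old=C:\Labs\notes.txt new=C:\Labs\notes.txt.ryk
2020-09-27T02:20:00 host=FS-02 rename old=D:\share\a.txt new=D:\share\a.txt.ryk
2020-09-27T02:25:00 host=FS-02 rename old=D:\share\b.txt new=D:\share\b.txt.ryk
2020-09-27T02:30:00 host=FS-02 rename old=D:\share\c.txt new=D:\share\c.txt.ryk
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) rename old=(?P<old>.+?) new=(?P<new>.+)$")

def ryk_rename_bursts(lines, window_s=60, threshold=3, ext=".ryk"):
    """Return {host: (burst_start, peak_count)} for hosts that renamed at
    least `threshold` files to `ext` within `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # host -> timestamps of recent matching renames
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip malformed or unrelated lines
        old, new = m["old"].lower(), m["new"].lower()
        # Count only files that gained the extension (case-insensitive).
        if not new.endswith(ext) or old.endswith(ext):
            continue
        host, ts = m["host"], datetime.fromisoformat(m["ts"])
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            start, peak = alerts.get(host, (q[0], 0))
            alerts[host] = (start, max(peak, len(q)))
    return alerts

if __name__ == "__main__":
    for host, (start, peak) in ryk_rename_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host}: {peak} files renamed to .ryk within 60s of {start}")
```

With the default one-minute window only WS-014 is flagged; widening the window to ten minutes also catches the slower renames on FS-02.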

According to UHS reports, hospitals were left without access to computer and phone systems and had to redirect ambulances and relocate patients to other hospitals. This raises the question of the moral implications of attacking health services. With the chaos and confusion that occurred with the UHS attack, four deaths were reported due to the doctors having to wait for lab results to arrive via "snail mail." If hospitals do not have a sufficient level of security and infrastructure, more patients could very easily lose their lives as a result of a ransomware attack. And it gets even worse in a COVID-19 pandemic-stricken world.

On September 10th, just a couple of days before the UHS attack, a ransomware attack encrypted 30 servers at the Dusseldorf University Clinic, in Germany. This caused a 78-year-old woman in need of critical care to be diverted to a facility 20+ miles away. Doctors were not able to save her life.

These incidents further emphasize that companies need to prioritize cyber emergency preparedness. Learning from the rapidly growing number of deaths due to ransomware attacks, we, as a cybersecurity community, need to ensure that no other civilian loses their life due to people taking advantage of technology for monetary gain.


Computer Being Controlled During a Ransomware Attack (Photo by Michael Geiger on Unsplash)
