Ransomware Attacks & Their Impact on a COVID-19 World -- By Teen Project Cyber Writer Rhea Jethvani
Published by Rajvi Khanjan Shroff,
AUTHOR: Rhea Jethvani
Project Cyber is proud to publish our first article written by teen member & writer Rhea Jethvani!
At a time of global health crisis, hospitals are struggling to combat both the COVID-19 pandemic and widespread ransomware attacks.
As the coronavirus epidemic becomes a more imminent threat to countries all around the world, hospitals are under more pressure than ever. On top of that, even more data is being stored on hospital servers, including Personally Identifiable Information (PII), government records, and employee accounts.
In September of this year, Universal Health Services, a Fortune 500 hospital and healthcare services provider, had hundreds of its United States systems disrupted by Ryuk ransomware. You may be asking yourself: what is ransomware? Or, more specifically, what is Ryuk ransomware? Let’s break it down.
At UHS, the attack launched during the night to avoid detection before encrypting as many systems as possible, and computers were logged out and shut down in less than a minute to prevent access to more of the network. Files were renamed to include the .ryk extension used by Ryuk ransomware, and the screens of impacted computers changed to a note reading "Shadow of the Universe." With no access to anything computer-based, UHS was rendered helpless by an attack that probably originated with phishing. Emotet and TrickBot Trojans were detected, indicating that the attack spread via phishing emails whose malicious attachments downloaded malware onto the targeted computers and opened a reverse shell to the Ryuk operators. Using tools such as PowerShell Empire or PSExec, Ryuk actors were able to carry out reconnaissance, obtain admin credentials, and deploy ransomware payloads on the network devices.
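The mass renaming to .ryk described above is something defenders can alert on. The following is an added example, not part of the original article: it flags any host with a burst of renames to .ryk inside a short window. The pipe-separated log format, host names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

RANSOM_EXT = ".ryk"  # extension the article attributes to Ryuk

# Constructed sample events, sorted by time: timestamp|host|old_path|new_path
SAMPLE_LOG = r"""
2020-01-01T02:00:01|ws-101|C:\data\labs.xlsx|C:\data\labs.xlsx.ryk
2020-01-01T02:00:04|ws-101|C:\data\intake.docx|C:\data\intake.docx.ryk
2020-01-01T02:00:05|ws-202|C:\tmp\draft.txt|C:\tmp\final.txt
2020-01-01T02:00:09|ws-101|C:\data\scan01.dcm|C:\data\scan01.dcm.ryk
2020-01-01T02:01:00|ws-202|C:\tmp\a.txt|C:\tmp\a.txt.ryk
2020-01-01T02:06:00|ws-202|C:\tmp\b.txt|C:\tmp\b.txt.ryk
2020-01-01T02:09:00|ws-202|C:\tmp\c.txt|C:\tmp\c.txt.ryk
"""


def detect_bursts(lines, window_s=60, threshold=3):
    """Return {host: time the threshold was first crossed}.

    A host is flagged once it produces `threshold` renames to .ryk
    within `window_s` seconds. Events must arrive in time order.
    """
    recent = defaultdict(deque)  # host -> timestamps of suspicious renames
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts_raw, host, old, new = line.split("|")
        ts = datetime.fromisoformat(ts_raw)
        # Only count files that gain the extension, not ones already renamed.
        if not new.lower().endswith(RANSOM_EXT) or old.lower().endswith(RANSOM_EXT):
            continue
        q = recent[host]
        q.append(ts)
        # Drop renames that have fallen out of the sliding window.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {host}: burst of {RANSOM_EXT} renames at {when.isoformat()}")
```

With the defaults only ws-101 is flagged; the slow trickle on ws-202 stays under the threshold, which shows why window and threshold need tuning per environment.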
According to UHS reports, hospitals were left without access to computer and phone systems and had to redirect ambulances and relocate patients to other hospitals. This raises the question of the moral implications of attacking health services. Amid the chaos and confusion of the UHS attack, four deaths were reported because doctors had to wait for lab results to arrive via "snail mail." If hospitals do not have a sufficient level of security and infrastructure, more patients could very easily lose their lives as a result of a ransomware attack. And it gets even worse in a COVID-19 pandemic-stricken world.
On September 10th, just a couple of days before the UHS attack, a ransomware attack encrypted 30 servers at the Dusseldorf University Clinic in Germany. This caused a 78-year-old woman in need of critical care to be diverted to a facility 20+ miles away. Doctors were not able to save her life.
These incidents further emphasize that companies need to prioritize cyber emergency preparedness. Learning from the rapidly growing number of deaths due to ransomware attacks, we, as a cybersecurity community, need to ensure that no other civilian loses their life due to people taking advantage of technology for monetary gain.
Computer Being Controlled During a Ransomware Attack (Photo by Michael Geiger on Unsplash)