
Nextech Blog

Ryuk: The “Death God” of Ransomware is Back… and Coming After Healthcare

Posted On 10/22/2020 by Nathan Brown

Ransomware attacks are back at it… again. It almost seems like there’s just something about this time of year that always has the ransomware trolls coming out of the woodwork. According to a new report from Check Point Research, the third quarter of 2020 saw a 50 percent increase in daily ransomware attacks and the total number of ransomware attacks had nearly doubled in the United States. Sadly, once again, the healthcare sector has been the most frequently targeted industry in this new wave of ransomware attacks. Perhaps the scariest among these ransomware programs (or, at the very least, the one currently sowing the most chaos) is called Ryuk.

As Halloween approaches, it seems eerily fitting that a ransomware called Ryuk would be in the headlines. You see, the name Ryuk was likely taken from a character in the popular Japanese Manga series Death Note. In the series, Ryuk is a Shinigami (death god) who gives the main character a notebook that gives him the power of life and death, allowing him to end the lives of others by writing their names in its pages. Similarly, one might say, Ryuk ransomware gives bad actors power over the life or death of computer networks.

 

Ryuk loves eating apples… And by apples, we mean your data security (and money).

Though Ryuk is a relatively young ransomware program (it’s only been around for about 18 months or so), it already caused enough damage to be named by the Center for Internet Security as the “Fall 2019 Threat of the Quarter.” During the first few months of 2020, however, there seemed to be a lull in activity with it. Turned out it was just the calm before the storm. Then came the coronavirus pandemic, which apparently was just too tempting of a situation and now, here we are, barely a half year later, and this “death god” of ransomware is back with a vengeance.

The UHS Ryuk Attack

Let’s take a look at one scary recent example of what Ryuk can do. Around the end of September 2020, U.S.-based healthcare company Universal Health Services (UHS) was hit hard by the ransomware. As one of the world’s largest healthcare services providers, they operate over 400 hospitals and facilities in the U.S., Puerto Rico and the U.K. Luckily for them, the ransomware did not spread systemwide. However, systems were crippled at multiple UHS facilities in California, Florida, Texas, Arizona and Washington D.C. So, it was certainly widespread enough to be a very serious issue for UHS.

There is one particularly terrifying aspect to the UHS attack—it disabled the system’s antivirus software. According to a report shared via the online platform Reddit, “When the attack happened, multiple antivirus programs were disabled by the attack and hard drives just lit up with activity.” One minute later, according to these same leaked reports, the computers automatically logged out all users and shut themselves down. When users tried to power the computers back on, they immediately shut themselves back down, making it impossible to get the system back online. As a result, all affected facilities suddenly lost access to crucial data including labs and EKGs. They also lost access to their PACS radiology system.

 

Don't let your network's name be written in the Death Note

Considering Ryuk users have been demanding ransoms of between 15 and 50 Bitcoins (roughly between $97,000 and $320,000 USD), getting their systems back online could be rather expensive for UHS if they end up having to pay it out.

Don’t Let Ryuk Get Inside (Your Computer Network)

While Ryuk is certainly a frightening new form of ransomware, it is not all that different from other ransomware when it comes to how it is delivered (usually via phishing or spear-phishing emails). And this is its weakness. It can’t take your system hostage if you don’t let it in. Like a vampire, it has to be invited. You may be thinking, “I would never invite ransomware into my system.” Well, every time you click on an unverified link or hastily download an attachment in an email, you are doing just that.

We have already discussed how to identify and avoid phishing or spear-phishing emails on this blog, so feel free to read up on our past articles if you need a refresher course. Antivirus is simply not enough to keep your data safe these days. As an internet user and an individual, you must be responsible for your own behavior. This means being aware and informed about current threats. It means being calm and skeptical when it comes to email links and attachments. Because all it takes is one careless click to invite a “death god” like Ryuk into your system.

Stay safe out there.



Nathan Brown

Nextech's Sr. Content Writer