Ransomware: UHS hospital group hit by Ryuk-based computer attack

It is one of the giants in the hospital sector.

It is made up of nearly 400 health facilities, spread between the United States and Great Britain, with nearly 90,000 employees. The health giant generates an average of nearly $11 billion in annual revenue. Universal Health Services is now one of the victims of ransomware attacks.


The attack began with infections delivered through conventional phishing methods. The cyber criminals used the Emotet and Trickbot Trojans to initiate their attack.

When the attack was triggered, no antivirus solution worked. All the safeguards were literally rendered inoperative.

Once again, the health sector is facing this dangerous adversary. The UHS group, which had previously managed to escape the threat, was finally caught by cyber criminals. In this case, it was the Ryuk ransomware that the cyber criminals used to bring down its global computer network. Since Sunday, several hospitals have been unable to care for some of their patients, who have had to be transferred to other sites. Affected facilities are in Florida, California, Arizona, Washington DC and Texas. Their computer systems and telephone networks are totally inoperative. Some essential systems, such as cardiology and radiology, are out of service. Even the labs are disrupted.

"On Sunday at about 2 a.m., our facility's systems began to shut down. I was sitting in front of my computer when it all started. It was surreal and seemed to definitely spread across the network," says a man named graynova66 on the Reddit platform. "All the machines in my department are Dell Win10 systems. When the attack occurred, several antivirus programs were disabled by the attack and the hard drives went to sleep. After about 1 minute, the computers disconnected and went off. When you try to turn the computers back on, they automatically turn off," he adds.

The problem has indeed been confirmed by the hospital group. An internal source told the online media outlet BleepingComputer that during the attack the cyber criminals renamed all files by adding the extension .ryk, a characteristic of the Ryuk ransomware. A cybersecurity expert named Vitali Kremez from Advanced Intel explains that this computer attack was preceded by another one, a phishing attack this time, as mentioned above. This had the effect of opening a bridge between the infected system and a server controlled by the hackers, which allowed them to easily disseminate malicious scripts via PSExec or PowerShell Empire.
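As a defensive illustration of the .ryk renaming described above, the following added example (not from the original article or from BleepingComputer) flags hosts on which several files gain the .ryk extension within a short time window. The log line format, host names, threshold and window are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-rename events (not real incident data); the line format
# "<ISO time> <host> RENAME <old path> -> <new path>" is an assumption.
SAMPLE_LOG = r"""
2000-01-02T02:00:01 WS-CARD-01 RENAME C:\Data\ecg_001.pdf -> C:\Data\ecg_001.pdf.ryk
2000-01-02T02:00:02 WS-CARD-01 RENAME C:\Data\ecg_002.pdf -> C:\Data\ecg_002.pdf.ryk
2000-01-02T02:00:03 WS-CARD-01 RENAME C:\Data\notes.docx -> C:\Data\notes.docx.RYK
2000-01-02T02:00:05 WS-LAB-07 RENAME C:\Lab\draft.tmp -> C:\Lab\report.docx
2000-01-02T02:00:09 WS-LAB-07 RENAME C:\Lab\old.csv -> C:\Lab\old.csv.ryk
2000-01-02T03:00:00 WS-RAD-02 RENAME C:\Img\a.dcm -> C:\Img\a.dcm.ryk
2000-01-02T05:00:00 WS-RAD-02 RENAME C:\Img\b.dcm -> C:\Img\b.dcm.ryk
2000-01-02T07:00:00 WS-RAD-02 RENAME C:\Img\c.dcm -> C:\Img\c.dcm.ryk
"""

LINE_RE = re.compile(r"^(\S+) (\S+) RENAME (.+) -> (.+)$")

def parse(log):
    """Yield (timestamp, host, old_path, new_path); skip malformed lines."""
    for line in log.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, host, old, new = m.groups()
            yield datetime.fromisoformat(ts), host, old, new

def adds_extension(old, new, ext):
    """True when the rename gives the file the extension it did not have."""
    return new.lower().endswith(ext) and not old.lower().endswith(ext)

def hosts_with_mass_rename(log, ext=".ryk", threshold=3,
                           window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts where at least
    `threshold` files gained `ext` within `window` (sliding window)."""
    recent = defaultdict(deque)   # per-host timestamps of matching renames
    alerts = {}
    for ts, host, old, new in sorted(parse(log)):
        if not adds_extension(old, new, ext):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in hosts_with_mass_rename(SAMPLE_LOG).items():
        print(f"ALERT {host}: burst of .ryk renames by {when.isoformat()}")
```

In the constructed sample only WS-CARD-01 is flagged: WS-LAB-07 has a single .ryk rename and WS-RAD-02's renames are hours apart.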

"The computer network of Universal Health Services (UHS) facilities is currently offline due to a computer security issue," UHS said in a statement on Monday. "We implement extensive IT security protocols and work diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established backup processes, including offline documentation methods. Patient care continues to be delivered safely and effectively. No patient or employee data appears to have been accessed, copied or otherwise compromised."

The computer failure resulted in fatal delays in the transmission of analyses, with complications that followed. According to a man named u/SgtHaddix, four people died in the affected facilities of the hospital group. However, no relationship has been established between these deaths and the cyberattack on Sunday. This inevitably recalls the death of a patient at a German hospital that had also been hit by a ransomware attack. The cyberattack delayed an urgent operation that the patient had to undergo, which proved fatal.

In addition, the risk remains. Health facilities are always targeted, and the consequences are becoming more serious. Whereas before only financial losses were counted, today it is human life that has been put in the spotlight.
