Tuesday, September 29, 2020

As If 2020's "Murder Hornets" Weren't Scary Enough...?! Seems It All Hits... At Once.


[Back to our old power alley, for a moment:] Yesterday, it became clear that one of the nation's largest hospital chains was suffering a serious systems outage. The company has been very taciturn as to exactly what the issue is/was. However, based on third-party reports, it now seems equally clear that at least some of the affected health care facilities' IT employees saw ".rky" extensions on executable files no one seems to have intentionally installed.

This would point to an elusive form of ransomware called "Ryuk" -- the Russian originator of which had long said he wouldn't target life-saving health care installations, as he didn't want. . . innocents' deaths on his hands. It seems some group of someones has purloined his code, or he has. . . changed his mind. Here's a bit, from one of several of the more alarmist MSM reports -- but it remains the company's position that no patient care decisions were affected:

. . . .Justin Heard, Director of Security, Intelligence and Analytics at Nuspire, noted that up until recently, Ryuk was used solely to target financial services, but over the last several months Ryuk has been seen targeting manufacturing, oil and gas, and now healthcare.

“Ryuk is known to target large organizations across industries because it demands a very high ransom. The ransomware operators likely saw UHS as the opportunity to make a quick buck given the urgency to keep operations going, and the monetary loss associated with that downtime could outweigh the ransom demand,” he explained.

“Ryuk Ransomware is run by a group called Wizard Spider, which is known as the Russia-based operator of the TrickBot banking malware. Ryuk is one of the most evasive ransomware out there. Nuspire Intelligence has repeatedly seen the triple threat combo of Ryuk, TrickBot and Emotet to wreak the most damage to a network and harvest the most amount of data.”

Some ransomware operators have previously stated that they would refrain from hitting healthcare organizations. Despite that, the number of attacks targeting medical institutions continues to rise. . . .


There are claims in that media piece (wholly unverified) of at least four deaths in hospitals yesterday, due to the apparently-widespread systems outages. I will for now assume that is hyperbole, and just broadly note that 2020 cannot end quickly enough.

Damnation. We all now know that murder hornets (thus far, an unconnected plot element) are going to feature in the year's "season finale" -- even in the dead of December's icy blasts. Onward, with a wry grin, and overnight visits. . . .

नमस्ते
