Medical Institutions Hit by Ryuk Ransomware, $14M Ransom Demanded

A computer infrastructure service provider working with acute care centers and nursing homes in the US became the latest victim of the Ryuk ransomware in late November 2019. The company in question is named Virtual Care Provider Inc. (VCP) and is based in Milwaukee.

VCP released a statement, informing that the bad actors were asking for ransom in the amount of $14 million. The company's CEO further said that this will not only be destructive to the business but could also lead to fatalities among the patients, as the staff is unable to access the patients' medical records. The crooks are using Ryuk - one of the most popular ransomware threats used by cybercriminals worldwide. Ryuk has been used in a number of attacks against US service providers in the past, including a very recent attack on an Alabama medical institution that opted to actually pay the ransom to salvage its operations and ensure patient safety.

Medical patients' livelihood hangs in a balance due to Ryuk attacks

The VCP Ryuk accident affected around 80,000 computers across various facets of the company's infrastructure, from patient records to phones and payroll operations. Of course, parts of the systems that are crucial to patients getting their medication on time are far more important and are being dealt with first. Around 110 nursing homes are affected by the attack.

This attack is the latest in a string of ransomware infections targeting hospitals across the world. The particularly dangerous part in those instances is evident - there is a very immediate and real threat to the lives of patients who depend on scheduled medication, but scheduling and ordering this medication becomes nearly impossible during a system outage caused by ransomware. Some of the hospital operations can be dialed back to pen-and-paper mode, but a lot of the times, the IT infrastructure is critical, which makes cyberattacks much more than a nuisance.

KrebsOnSecurity, who originally reported the attack, also mentioned that Ryuk victims are usually compromised long before the actual ransomware flare-up, and their networks are quietly mapped and researched by the cybercriminals so they can ensure maximum penetration and damage once they launch the actual ransomware payload.