U.S. Hospitals Are Under Constant Attack by the ‘Ryuk’ Ransomware Group

Last updated June 23, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

There’s a wave of attacks hitting a number of hospitals, clinics, and medicare facilities across the United States, and the main culprit seems to be the ‘Ryuk’ ransomware gang. The FBI, the U.S. Department of Homeland Security, and the U.S. Department of Health and Human Services have held an emergency conference call to discuss the threat and determine a course of action. Relevant warnings to healthcare providers have already been disseminated, as more cyber-attacks are anticipated in the upcoming weeks.

According to credible sources from cyber intelligence firms that monitor the dark web, the ransomware group that is orchestrating the new wave of attacks is Ryuk, a Russian-speaking gang that has been pretty active recently. Based on discussions found on the dark web, Ryuk is planning to hit over four hundred healthcare facilities in the United States, causing a dangerous disruption in an absolutely crucial field.

The United States healthcare system is still dealing with a huge COVID-19 burden right now, as active cases and the number of people who need hospitalization are on the rise again. This practically means that Ryuk is indirectly threatening to take human lives, as locking hospital networks or taking them offline during a pandemic creates a very risky setting. Ryuk has proven its heartless approach to this, and the group is willing to launch the attacks no matter the consequences for the affected patients.

There are two possible goals behind this approach. First, asking for the payment of a ransom during times of emergency cuts negotiation efforts short, so the actors can get the requested amount quickly and without much fuss. Second, there’s the political motive, which comes at a critical time. Trump is already being bashed for the COVID-19 deaths and the way he handled the whole situation from the beginning, so making it even worse isn’t helping the administration that's currently responsible.

As Krebs reports, several Ryuk ransomware attacks hit hospitals in the United States this week. There are reports about a lock-down of the Sky Lakes Medical Center’s computer systems in Oregon, a Ryuk attack on St. Lawrence Health System that led to a subsequent infection at the Canton-Potsdam, Massena, and Gouverneur hospitals, and also a ransomware disruption at the Ridgeview Medical Center in Waconia.


