fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

UHS Restores Hospital Systems After Ryuk Ransomware Attack

UHS Restores Hospital Systems After Ryuk Ransomware Attack

Universal Health Services (UHS), a Fortune 500 hospital and healthcare services provider, says that it has managed to restore systems after a September Ryuk ransomware attack.

UHS has over 90,000 employees who provide healthcare services to roughly 3.5 million patients every year through a network of more than 400 healthcare facilities in the US and the UK.

UHS hospitals returning to normal operations

The ransomware attack the healthcare provide refers to as a “security incident” took place during the early hours of Sunday, September 27, and it forced UHS employees to shut down all systems to block the malware from spreading to unaffected network systems.

“As a result of this cyberattack, we suspended user access to our information technology applications related to operations located in the United States,” UHS says in the company’s 2020 Q3 Financial Results report and an 8K filing with the U.S. Securities and Exchange Commission (SEC).

“While our information technology applications were offline, patient care was delivered safely and effectively at our facilities across the country utilizing established back-up processes, including offline documentation methods.”

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

UHS has since restored most affected computing systems at behavioral and acute care health hospitals, also bringing back systems vital to hospital operations including those needed for laboratory and for managing patient electronic records.

“With the back-loading of data substantially complete at this point, our hospitals are resuming normal operations,” the company explains.

UHS says that it has started the process of bringing back all business operations and information technology (IT) infrastructure immediately after the attack.

It has also investigated the ransomware attack’s potential attack with the help of third-party IT forensic and security vendors.

So far, UHS says that the ongoing investigation wasn’t able to find any evidence of unauthorized access, theft, or misuse of patient or employee data.

However, “although we are unable to quantify the ultimate impact of the above-mentioned information technology security incident that we experienced in late September 2020, the incident could have an adverse effect on our future results of operations.”

Ryuk ransomware behind the attack

UHS hasn’t disclosed the nature of the nationwide September attack on its systems in the initial disclosure statement or today’s report and 8K filing.

However, BleepingComputer found from a UHS employee that files were being renamed on impacted systems to include the .ryk extension used by Ryuk ransomware.

Another employee told BleepingComputer that one of the affected systems’ screens displayed a ransom note reading “Shadow of the Universe,” a similar phrase to that usually displayed at the bottom of Ryuk ransom notes.

Ryuk ransom note
Ryuk ransom note

Based on info shared by Advanced Intel’s Vitali Kremez, the attack on UHS’ systems most likely started via a phishing attack.

Advanced Intel’s Andariel intelligence platform detected both the Emotet and TrickBot trojans affecting UHS throughout 2020 and even more recently, during September 2020, according to Kremez.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

Emotet is being delivered onto victims’ computers via phishing emails containing malicious attachments that deploy the malware payloads.

In some cases, Emotet will subsequently also install TrickBot which eventually opens a reverse shell to the Ryuk operators after collecting and exfiltrating sensitive data from infected devices.

The Ryuk actors manually deploy the ransomware payloads on network devices using PowerShell Empire or PSExec after a reconnaissance stage once they gain network access and admin credentials.

Unfortunately, while UHS says that they haven’t found evidence of any stolen patient or employee data, with ransomware attacks there is always a higher chance of it happening rather than not, further increasing the damage.

Ongoing Ryuk ransomware campaign targeting healthcare

In a joint advisory issued on Wednesday, the U.S. government warned of active Ryuk ransomware attacks against healthcare industry organizations including hospitals and healthcare providers.

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” the advisory says.

In a call with the healthcare industry stakeholders, the U.S. govt agencies also advised healthcare orgs to secure their networks by preparing network lockdown protocols, reviewing incident response plans, installing patches on Windows servers and edge gateway devices, limiting personal email, as well as setting up strategies on where to redirect patients in the event of an attack.

This week, Sky Lakes Medical Center in Oregon and St. Lawrence Health System in New York were both hit by Ryuk ransomware, followed by the Wyckoff Heights Medical Center hospital in Brooklyn and multiple hospitals in the University of Vermont Health Network.

Charles Carmakal, senior vice president and CTO of Mandiant, told BleepingComputer earlier this week that an Eastern European hacking group tracked as UNC1878 is behind this attack spree and that they plan to attack hundreds of other hospitals.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us