
FBI warns of Ryuk attack on hospitals, healthcare providers this weekend

29 October 2020

Review your cybersecurity advisory and recommendations for mitigation as soon as possible.

Multiple federal agencies issued a public cybersecurity advisory yesterday about an imminent ransomware attack against the healthcare and public health sector this weekend. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have credible information suggesting an Eastern European threat group plans to launch a widespread Ryuk ransomware attack.

CISA, the FBI, and HHS have issued a joint cybersecurity advisory describing the tactics, techniques, and procedures (TTPs) used by cybercriminals to infect systems with Ryuk ransomware. Ryuk is typically activated after a precursor form of malware (like ) is on a computer system, and that drops in the malware. Mandiant Threat Intelligence has posted an excellent article describing the precursor email campaigns that lead to post-compromise deployment of ransomware and has posted IOCs associated with the threat actors believed to be responsible for this current threat.

CISA, the FBI, and HHS have recommended that hospitals and healthcare systems implement the following measures as soon as possible:

- Establish and practice out of band, non-VoIP, communications
- Rehearse IT lockdown protocol and process, including practicing backups
- Ensure backup of medical records, including electronic records, and have a 3-2-1 backup strategy – have hard copy or remote backup or both
- Prepare to maintain continuity of operations if attacked
- Review plans within the next 24 hours should you be hit
- Check that your anti-virus and endpoint detection and response (EDR) are running; a stopped state may indicate compromise
- Power down IT where not used
- Consider limiting use of personal email
- Be prepared to reroute patients
- Ensure proper staffing for continuity
- Know how to contact federal authorities when phones are down, or email has been wiped
- Consider limiting/powering down non-essential internet facing IT services
- Limit personal email services
- Be prepared to re-route patients if patient care is disrupted due to IT outage
- Ensure sufficient staffing to maintain continuity of operations with disrupted IT networks
- Report all potentially related cyber incidents to the FBI 24/7 CyberWatch Command Center at 855-292-3937

The full Cybersecurity Advisory provides technical details, indicators of compromise (IOCs) for Trickbot, Ryuk attack techniques under the MITRE ATT&CK framework, and significantly more detail about mitigation.

www.beazley.com

The descriptions contained in this communication are for preliminary informational purposes only. The product is on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: 0G55497). BZSLXXX_US_03/20

Beazley October 2020