The cybersecurity arm of the Department of Homeland Security is urging hospitals and other healthcare providers to brace for ransomware attacks during the present surge of COVID-19 cases.
DHS’s Cybersecurity and Infrastructure Security Agency, together with HHS and the FBI, issued the formal alert late Wednesday.
In the announcement, the three agencies say they have “credible information of an increased and imminent cybercrime threat” to the public health sector.
The document lays out technical details and mitigation recommendations tuned to this particular set of threats.
The federal agencies believe the attackers will probably use the Ryuk access-blocking technique. Ryuk is a type of ransomware deployed by criminals demanding money in exchange for restoring access to critical IT infrastructure and networks.
In coverage of the alert by the Associated Press, a ransomware expert in the private sector says many crime groups use Ryuk, paying its developers a cut.
The coverage also quotes the CTO of a cybersecurity company who remarks that the U.S. is experiencing “the most significant cybersecurity threat we’ve ever seen.”
Numerous outlets covering the development have noted the timing of the stepped-up activity, coming as it does not only during a COVID spike but also at the height of an especially divisive presidential campaign season.
“While no one has proven suspected ties between the Russian government and gangs that use the Trickbot platform” to infect networks with Ryuk, there is “no doubt that the Russian government is aware of this operation,” a close ransomware observer says in the AP report.