FBI, HHS warn of imminent ransomware threat against hospitals, healthcare providers

By: C Spire on Oct 30, 2020 5:11:49 PM

shutterstock_1357654529(2)The U.S. government is warning hospitals and healthcare providers to take precautions to protect their networks from imminent ransomware threats. The joint cybersecurity advisory focuses on a recent increase of the utilization of Ryuk ransomware. 

According to the advisory from the FBI, CISA and HHS, Ryuk ransomware first appeared in August 2018. However, the past 30 days have seen multiple healthcare systems report Ryuk attacks and infections, resulting in millions of dollars in ransom demands.

Some of the advisory's security recommendations include:

  • Ensure all users are trained to identify suspicious email.  

  • Alert all users to be extra vigilant when opening any attachments or clicking any link that is included in email messages.  

  • Do not open any attachment received in email that is not expected. 

  • Do not click a link in any email without being able to positively identify the legitimate web URL/ host.    

  • Ensure that Antivirus and Antimalware are installed and updated on all eligible devices.  

  • Deploy Security Incident and Event Management (SIEM) system monitoring in strategic network segments to help identify malicious traffic behavior being that potential transmitted.  

  • Use Multi-factor authentication where possible.  

  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts. 

  • Ensure all desktops and servers are patched with the latest updates from respective device manufacturers. Threat actors take advantage of vulnerabilities when attempting to gain domain level access. 

  • Ryuk takes advantage of domain admin credentials to remotely access and encrypt disks through the administrative shares on Windows PC’s. This means that no malware code ever runs on the system that gets encrypted. Customers should consider blocking access to the ports that enable this file sharing if they are worried about this threat. 

  • It has been observed that recent updates made to Ryuk in the wild show that it attempts to encrypt files using Windows administrative shares.   

  • Due to this, users should consider either completely disabling administrative shares completely or block access via their firewall solutions - depending on the various needs of the organization. 

  • Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs. 

  • Ensure incident response plan is up to date and in place. 

  • Regularly backup all data, air gap and password protect backup copies *offline* when possible. 

  • Maintain multiple copies of sensitive or proprietary data and servers in separate, secure locations when possible. 

  • Verify that appropriate security settings and controls are in place for Microsoft Office 365, M365. 

Next steps

If you have concerns about your security architecture, business continuity or data backup options, contact C Spire Business for a consultation.



Topics: ransomware, Cybersecurity

C Spire Business is a privately-held telecommunications and technology company driven to deliver the best experiences in wireless, fiber internet, and business IT solutions such as internet, VoIP, cloud and managed services. Read more news releases and announcements at For more information, visit or find us on Facebook, Twitter or Instagram.

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.

Recent Posts

Sign up for our monthly newsletter

For the latest in technology trends, industry news, and C Spire updates.