The operators of Ryuk ransomware continue to target hospitals, despite the intense pressures they are already facing as a outcome of the coronavirus pandemic.

On March 27, 'PeterM' of British IT security firm Sophos, tweeted that a U.s.a.-based healthcare provider had been targeted by Ryuk'southward ransomware. PeterM stated that the cyber offensive "looks like a typical Ryuk attack," posting:

"I tin can confirm that #Ryuk ransomware are nevertheless targeting hospitals despite the global pandemic. I'm looking at a U.s.a. wellness intendance provider at the moment who were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP."

Two of vii ransomware operators claim to cease targeting hospitals

On March 18, cybersecurity publication BleepingComputer published a report later contacting seven ransomware operators to ask if they would continue to target hospitals despite the COVID-19 outbreak.

Just Maze and DoppelPaymer indicated that they would no longer target hospitals. Maze afterwards decrypted and released data that information technology had stolen from a drug testing company that information technology had targeted prior to the pandemic.

Ryuk did not respond to the publication'due south asking for comment

One calendar week later, Bleepingcomputer reported that software security firm SentinelOne had identified at to the lowest degree x instances of Ryuk targeting at to the lowest degree x healthcare organizations during March — including one attack on a network of nine hospitals.

Dutch cybersecurity firm freely fights ransomware for hospitals

As function of the "Tech against Corona" initiative — where a consortium of local tech companies are freely offering their services and technologies to the Dutch authorities to fight COVID-19 — It security firm Cybersprint is helping hospitals fight ransomware.

In addition to providing its security services to the hospitals free of charge, information technology is also conducting a deep investigation into contempo ransomware attacks to develop best practices to secure against time to come incidents.