The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a joint alert with the FBI and the U.S. Department of Health and Human Services describing the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the healthcare and public health sector to infect systems with Ryuk ransomware for financial gain. In the alert, the authoring organizations state that they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. The alert provides further technical details of this activity and offers a long list of mitigation advice and links to resources. Read the alert at CISA.

Although this alert is focused on a different sector, WaterISAC encourages water and wastewater utilities to review its contents given the persistent and ongoing threat that ransomware poses to these organizations. Additionally, the ransomware described in the alert – Ryuk – has been used in attacks against utilities, as has the other malware described in this product, Trickbot. As described in the report, once it has infected a system, Trickbot can be used to conduct a myriad of illegal cyber activities, to include deploying Ryuk.

To report activity related to information found in this advisory, contact the FBI via a local field office or via its 24/7 CyberWatch (CyWatch) at (855)292-3937 or CyWatch@fbi.gov. To request incident response resources or technical assistance related to these threats, contact CISA at central@cisa.dhs.gov.