Cisco Talos is becoming aware an adversary will be leveraging Trickbot banking Ryuk and trojan ransomware to focus on U.S. health care and hospitals providers from an increasing rate. Security journalists on October 28 documented, 2020 that the adversary was getting ready to encrypt systems with “potentially hundreds” of healthcare centers and hospitals, predicated on a tip from the researcher who was simply monitoring communications regarding the threat actor. October 28 and 29 on, the reviews supported these claims of six U.S. hospitals getting compromised with Ryuk in the period of 24 hours.

CISA, the FBI, and HHS confirmed this action targeting the Health care and Public Health Industry also, releasing a joint advisory october 28 on, 2020. The advisory mentioned that the Ryuk actors were utilizing Trickbot to focus on the and that the experience posed an “elevated and imminent” threat. They published complex indicators for both Trickbot and Ryuk also.

Talos has yrs of experience coping with Trickbot, Ryuk, along with other tools utilized by the adversary. We have been currently supporting customers that are working and impacted hand-in-hand with federal police to aid their investigations.  We have been supporting other police and federal agencies aswell also.