Here is a quick summary of what is going on. A cybersecurity advisory went out yesterday for the healthcare and public health sector this weekend. Federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have credible information suggesting an Eastern European threat group plans to launch a widespread Ryuk ransomware attack.
As scary as this sounds, and it is scary, these are three main avenues that attackers use.
- Email phishing campaigns: The cyber criminal sends an email containing a malicious file or link, which deploys malware when clicked by a recipient. Criminals may also compromise a victim’s email account by using precursor malware, which enables the cyber criminal to use a victim’s email account to further spread the infection. This is why we say to be careful when opening an email attachment, especially when you are not expecting it.
- Remote Desktop Protocol vulnerabilities: RDP is a proprietary network protocol that allows individuals to control the resources and data of a computer over the internet. Cyber criminals have used both brute-force methods to obtain user credentials, and credentials purchased on darknet marketplaces to gain unauthorized RDP access to victim systems. Once they have RDP access, criminals can deploy a range of malware—including ransomware—to victim systems. This is why we stress using different and complex passwords for everything.
- Software vulnerabilities: Cyber criminals can take advantage of security weaknesses in widely used software programs to gain control of victim systems and deploy ransomware. This is why we stress always running updates, and why there are always so many updates.
In order to protect ourselves, please follow these best practices:
- Do not open any attachments in emails you are not expecting from anyone
- Send a separate email to the sender to verify the legitimacy of the email
- Contact support and forward the email to firstname.lastname@example.org if you are not sure about an email before opening it.
- Make sure to update your operating systems, software, and firmware as soon as manufacturers release updates
- Do not ignore your Windows, Dell, or iPadOS updates
- Check once a week to see if you have updates that need to be run; they do not install automatically and are often ignored
- Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts
- Use multi-factor authentication where possible
If you think you have received a cyberattack or that your device has been compromised by one, contact the helpdesk immediately at email@example.com or by calling 865-392-2812.
For more information about the cybersecurity warning, please go to the following site:
This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with ransomware, notably Ryuk and Conti, for financial gain.