Hackers are demanding $14 million worth of Bitcoin to restore computers powering 110 nursing homes across the United States, putting the lives of patients at risk.
In an interview with KrebsOnSecurity, Wisconsin-based IT company Virtual Care Provider Inc. (VCPI) confirmed that hackers have used the dreaded Ryuk ransomware to encrypt all of the data it hosts for clients. The firm estimated it maintains roughly 80,000 computers and servers powering care facilities across 45 US states.
Ryuk is a particularly nasty malware strain that's been sweeping government organizations and other high-value targets all year.
Machines are typically infected with a special Trojan named Trickbot via widespread email phishing campaigns. The attackers then select lucrative targets to exploit with Ryuk, which encrypts files and demands large sums of Bitcoin to unlock them.
Back in January, it was estimated that Ryuk's masterminds had earned $3.7 million in just five months, a total now likely to be significantly higher.
Care facilities could close if Bitcoin ransom isn't paid
VCPI's chief executive Karen Christianson noted the attack has affected "virtually all" of its core offerings, which include internet access, billing, phones, email, and access to client records.
"We've got some facilities where the nurses can't get the drugs updated and the order put in so the drugs can arrive on time," Christianson told KrebsOnSecurity. "In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don't get their billing into Medicaid by December 5, they close their doors.
"Seniors that don't have family to go to are then done. We have a lot of [clients] right now who are like: 'just give me my data,' but we can't," she added.
VCPI's own payroll systems are being held for ransom, too, with employees reportedly asking when they're going to be paid.
Christianson told reporters the firm was concerned with handling life-threatening situations first, which meant dealing with getting electronic medical records back online as soon as possible.
This attack, like others, was likely preventable for a long time
KrebsOnSecurity also reviewed dark web communications provided by cyber intelligence firm Hold Security that showed VCPI's initial intrusion may have occurred way back in September 2018.
Hold Security's founder explained that the attack VCPI is currently dealing with was actually preventable up until the Ryuk ransomware was deployed, which happened on November 15th of this year.
VCPI's CEO has reportedly vowed to publicly document everything that has happened once the attack has been brought under control, if that's possible, that is.
In October, Hard Fork reported that a string of US hospitals opted to pay Ryuk ransomers in order to regain access to critical files.
As for VCPI, it reportedly cannot afford to pay the Bitcoin ransom.