National Veterinary Associates (NVA), which has around 700 locations, was hit with the Ryuk ransomware. NVA discovered the infection on October 27th and hired two security companies to help the 400 affected locations recover. Although clinics remained open for previously scheduled appointments, people were unable to book appointments online and some locations could not look at the most up-to-date records. Since then, all patient records have been recovered at each location. NVA’s new head of technology was quoted as saying, “Because of the scale of the attack, the virus eventually found three smaller points of entry through accounts that were unaffiliated with NVA, but unfortunately opened within our network. Upon discovery of the incident, our technology team immediately implemented procedures to prevent the malware from spreading; however, many local systems were affected. Still, we have many hospitals whose systems are not recovered. The technology team continues to set up interim workstations at each affected hospital while they prepare to rebuild servers.”
Analyst Notes
Ryuk is typically deployed in the last step of a chain of infections, usually beginning with a phishing attempt. Security awareness training around these types of attacks, coupled with email scanning to detect malicious attachments, still remains one of the most important things a business can do to protect itself. All businesses should deploy some form of anti-virus and, when possible, an endpoint detection solution. Security works best when layered, no one solution is a catch-all. To protect data in the case of ransomware like Ryuk, backing up data to a non-network accessible storage medium is crucial to quick recovery without paying the ransom, or if the attacker fails to honor their pledge to provide decryption keys even after a ransom is paid.
https://threatpost.com/400-vet-locations-ryuk-ransomware/150443/, https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/
