Through a coordinated effort between Critical Path Security, Microsoft, and the COVID-19 CTI League, we have released a full threat intelligence feed containing Indicators of Compromise (IOCs) used to lock down dozens of hospitals with Ryuk ransomware. Healthcare facilities can use these IOCs to alert on an attack, which gives them an opportunity to defend themselves.
Brian Krebs reports,
On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”
These feeds will be continually updated and available for free.
https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/blob/master/cps-collected-iocs.intel
If you need any assistance with using these feeds or understanding how to better protect your organization, don't hesitate to reach out!