{ "id": "9ad76947-93f3-4679-b987-289b380aa45d", "created_at": "2026-04-06T01:29:49.282669Z", "updated_at": "2026-04-10T03:24:29.535748Z", "deleted_at": null, "sha1_hash": "3c520024a1bbcc201d065ec8e7d14ad9772e7a17", "title": "Brooklyn \u0026 Vermont hospitals are latest Ryuk ransomware victims", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2437295, "plain_text": "Brooklyn \u0026 Vermont hospitals are latest Ryuk ransomware victims\r\nBy Lawrence Abrams\r\nPublished: 2020-10-29 · Archived: 2026-04-06 01:00:58 UTC\r\nWyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the\r\nRyuk ransomware attack spree covering the healthcare industry across the U.S.\r\nYesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an\r\n\"increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.\"\r\nLater in the day, CISA issued a joint advisory publicly warning that U.S. hospitals and healthcare providers are actively\r\ntargeted in cyberattacks deploying the Ryuk ransomware.\r\nhttps://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nCharles Carmakal, senior vice president and CTO of Mandiant, told BleepingComputer that an Eastern European hacking\r\ngroup known as UNC1878 is responsible for these attacks and that they intend to attack hundreds of hospitals.\r\nThis week, Sky Lakes Medical Center in Oregon and St. Lawrence Health System in New York were hit in Ryuk\r\nransomware attacks. Last month, hospital operator Universal Health Services was hit by a corporate-wide Ryuk attack,\r\nwhich impacted over 200 medical facilities nationwide.\r\nIn a new report released today, Check Point states that they have seen a 71% increase in ransomware attacks in October\r\ntargeting the U.S. healthcare sector.\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nWyckoff Hospital suffered a Ryuk attack yesterday\r\nToday, an employee of Wycoff contacted BleepingComputer and stated that their hospital suffered a Ryuk ransomware\r\nattack yesterday.\r\nWyckoff Heights Medical Center is a 350-bed teaching hospital located in Brooklyn, NY.\r\nTo prevent the spread of the attack to other devices, we were told that Wyckoff Hospital shut down portions of their\r\nnetwork, but by then, it was too late, and many of the devices had been encrypted.\r\nIt is unknown if the hospital is redirecting patients to other hospitals and what impact the attack has had on patients'\r\ntreatment.\r\nBleepingComputer has reached out to Wyckoff for further comment but has not received a response.\r\nVermont network of hospitals hit as well\r\nToday, the AP reported that the University of Vermont Health Network had suffered a cyberattack affecting all the hospitals\r\nin their network to varying degrees.\r\n\"The attack has caused variable impacts at each of our affiliates. Staff are continuing to follow well-practiced standby\r\nprocedures to ensure safe patient care. We understand the difficulty this causes for our patients and the community and\r\napologize for the impact. There have been some changes to patient appointments and we are attempting to reach those\r\npatients who have been affected. We will continue to provide systems and patient service updates when they are available,\"\r\nread a statement from the University of Vermont Health Network.\r\nThe current status of each affected hospital is:\r\nAlice Hyde Medical Center – Malone, NY - Maintaining all patient care services.\r\nCentral Vermont Medical Center – Berlin, VT - Maintaining all patient care services, but patients may experience\r\ndelays\r\nChamplain Valley Physicians Hospital – Plattsburgh, NY - Maintaining all patient care services, but physician\r\npractice patients may experience slight delays.\r\nElizabethtown Community Hospital – Elizabethtown, NY - Maintaining all patient care services.\r\nPorter Medical Center – Middlebury, VT Maintaining all patient care services.\r\nUVMHN Home Health and Hospice Maintaining all patient and resident care services\r\nUVM Medical Center – Burlington, VT Rescheduling some elective procedures scheduled for Thursday, 10/29, with\r\nthe hope of resuming procedures on Friday, 10/30.\r\nhttps://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/\r\nPage 3 of 5\n\nThe hospital network is working with the FBI and the Vermont Department of Public to investigate the attack.\r\n\"FBI Albany can confirm we are investigating a potential cyber attack at UVM Health, along with our federal, state and\r\nlocal partners. This is an active investigation, and we decline to comment further at this time,\" the FBI told\r\nBleepingComputer in a statement.\r\nIt is unknown if Ryuk was utilized in this particular attack.\r\nCybersecurity firm offering free ransomware assistance\r\nHospitals that are forced to pay a Ryuk ransom need to be careful of using their decryptor as it is known to corrupt certain\r\ntypes of files.\r\nEmsisoft is offering free ransomware recovery services to healthcare organizations during the pandemic, which include\r\ncustom decryptors that fix known decryption bugs and can recover files faster than the threat actor's decryptors.\r\n\"There are multiple factors and it depends a bit on the hardware, but there are three major factors: We heavily optimised I/O\r\n(so the reading and writing has been optimised a lot and been adjusted for modern mass storage), we use hardware\r\naccelerated cryptography, and we make creating a backup first unnecessary, because unlike the TA's tool, we operate on\r\ncopies of data.\"\r\n\"The real benefit is in the fact that we focus on data safety first. So our decryptors generally are more stable, are safer to use,\r\nand produce correct results,\" Emsisoft CTO Fabian Wosar told BleepingComputer in a conversation.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/\r\nPage 4 of 5\n\nSource: https://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/\r\nhttps://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/" ], "report_names": [ "brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775438989, "ts_updated_at": 1775791469, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/3c520024a1bbcc201d065ec8e7d14ad9772e7a17.pdf", "text": "https://archive.orkl.eu/3c520024a1bbcc201d065ec8e7d14ad9772e7a17.txt", "img": "https://archive.orkl.eu/3c520024a1bbcc201d065ec8e7d14ad9772e7a17.jpg" } }