How AI Caused RYUK Ransomware to Disrupt Healthcare Technology

AI has led to the development of a horrifying new form of ransomware known as RYUK, which is a huge threat to healthcare companies.

ai is a dangerous weapon in the hands of hackers
Shutterstock Photo License - NicoElNino

Artificial intelligence has been a positive force in our lives. A growing number of organizations are using AI technology to improve productivity, increase customer satisfaction, minimize errors and better understand emerging trends.

However, AI has also led to some troublesome changes as well. One of the biggest problems brought on by AI technology is in the field of cybersecurity.

A growing number of hackers are leveraging AI to launch more worrisome cyberattacks. One of the ways that they are doing this is by using machine learning technology to create horrifying forms of ransomware.

One of the most terrifying types of ransomware created by AI technology is RYUK. The healthcare sector in particular has been under siege as AI-savvy hackers find new ways to use this ransomware to take advantage of their victims.


AI-Powered Ransomware is a Huge Threat to the Healthcare Sector

People rely on the healthcare industry each and every day. Taking care of others and improving their health and well-being is a big part of what healthcare workers do everyday. Unfortunately, there’s some bad actors and hackers out there who want to bring down the healthcare industry.

Since March of 2020, numerous types of ransomware have plagued the healthcare industry. It’s a ripe target for hackers seeking financial gain. Often gaining entry through phishing emails, these attackers proceed to deploy the ryuk ransomware and carry out their devastating attacks.

Artificial intelligence has been a double-edged sword for the fight against ransomware. A growing number of cybersecurity professionals have started using AI technology to protect against it. However, VentureBeat also points out ways that AI has made ransomware more dangerous. Some of the ways that AI can make ransomware a greater threat are as follows:

  • Target profiling. Hackers are using machine learning technology to better profile their targets. They aren’t just profiling the organization as a whole. They are also using AI to profile individual employees to identify those with access to valuable information and the likelihood that they will fall for the social engineering ruses ransomware depends on.
  • Automating the spread of malware. AI has also helped automate many features of ransomware. This is making it easier to spread to as many machines as possible.
  • Identifying weak points in cybersecurity. Machine learning also allows ransomware to evolve to better evade existing defenses.
  • Improving encryption. AI helps ransomware become better encrypted.

AI is truly a formidable technology in the hands of hackers. It is making ransomware more dangerous than ever. RYUK ransomware is especially dangerous due to its dependence on AI.


In this article, we’ll cover what RYUK is, how it’s devastating the healthcare industry, and how to prevent/ recover from an attack.

RYUK Defined

In the popular Japanese anime show Death Note, there is a character named RYUK. In the show, the character drops a notebook that has some deadly abilities. The ransomware follows in its namesake’s footsteps by devastating any system it attacks. RYUK is a type of lateral moving ransomware that gets introduced into an organization’s network/system and proceeds to encrypt their files. It uses complex AI algorithms to spread more quickly and identify the best files to encrypt and steal.

Then, the files are held for ransom in exchange for untraceable bitcoin. Ryuk was likely developed by Russians and is being used quite a bit recently to disrupt and infiltrate various industries for financial gain. RYUK it’s cold, ruthless, and efficient making it one of the largest looming ransomware threats currently extant. Most recently, hospitals are being targeted by nefarious attackers quite often to great—and potentially dangerous—success. This would never have been possible without major developments in AI which have sadly fallen into the wrong hands.

How It Infects

RYUK infects its targets using a loader program known as Trickbot (although there are other loaders that might be used). Sometimes, it will install a different type of malware that hackers use a command-and-control network. Once one of these programs is installed on the system, they begin to install RYUK. Once the dangerous RYUK ransomware hits the system, it begins to encrypt files and data, while disrupting the entire organization. The AI algorithms that it employs are able to better encrypt data so victims can’t recover them. When it attacks a hospital, it becomes more dangerous than any other type of ransomware currently out there attacking various industries.


Its Effects on Healthcare Technology

RYUK has had some deleterious and adverse effects on healthcare technology as of late. The ransomware has caused over $67 million dollars’ worth of additional costs for the healthcare industry as a whole in the last year alone. But monetary damage isn’t the only dangerous effect the ransomware has on its victims. We’re talking about hospitals here. When the infrastructure goes down in a hospital it isn’t just billing that is affected. It can also negatively impact the operation of the machines and equipment that are actively treating patients. Without the technology available to help them, the ransomware is effectively removing sometimes lifesaving tech in the pursuit of financial gain. Radiology, communication, and lab technology can all be massively disrupted by a successful ransomware attack. Fallout from these ransomware attacks have impacted patients in this manner, with at least one woman dying when she had to be transferred from one hospital that had been infected by RYUK to another hospital in a different city. Calling ransomware like RYUK insidious and devastating isn’t just colorful description; it underscores how dangerous this ransomware actually is and why it’s prudent to find ways to prevent and stop it in its tracks.

Being Proactive Against RYUK

We mentioned in the past that AI-driven cyberattacks are more terrifying than ever. The use of RYUK ransomware is a huge example.

The biggest problem with mitigating damage from a ransomware attack is that by the time you know you’ve been affected, it’s probably already too late. Ensuring patches and firmware updates are in place as well as using multi-factor authentication / strong passwords can help prevent an infection, but they are by no means a complete security method. Securing and auditing your accounts, access, logs, and configurations is crucial to creating an environment where ransomware like RYUK is difficult to install. Finally, in hospitals especially, it’s prudent to use micro segmentation of database storage. By keeping important things separate from other data that’s commonly used, it can make it difficult for ransomware like RYUK to move laterally through the system and cause damage.



Ransomware attacks are tough to recover from. There really isn’t a way to restore data unless you have a decryption key and even if you pay the ransom, there’s no guarantee you’ll receive it. Having a backup using the 3-2-1 method (that’s where you have three backups of your data, two of which are on totally different mediums, and one of which is located off site) can be helpful. But there are other ways to help prevent an attack in the first place. The first step is to educate employees on how phishing emails occur, what to watch out for, and train them to avoid clicking on suspicious looking links in emails. This single initiative can drastically reduce vulnerability to attacks. Endpoint protection can also go a long way to preventing these types of attacks. Along with antivirus and malware protection, a robust endpoint protection strategy can keep your data safe. It’s almost like having home insurance—it helps you prevent and recover from possible unexpected damage.


Sean Parker is an entrepreneur and content marketer with over 5 years of experience in SEO, Creative Writing and Digital Marketing with Rank Media. He has worked with several clients from all over the globe to offer his services in various domains with a proven track record of success.