Coronavirus and Ransomware
According to Health Care Dive, 1,500 health care companies have been hit by a ransomware attack in the past four years. Healthcare companies like hospitals and clinics are often a target for these attacks because they store sensitive information and commonly lack cybersecurity. Ransomware attacks have changed in the past week as the Coronavirus pandemic impacts hospitals and healthcare organizations around the world.
Brno University Hospital
On March 13, Brno University Hospital in Brno, Czech Republic was hit by a ransomware attack that led to the cancellation of surgeries and the re-routing of all new patients to nearby St. Anne’s University Hospital. Brno University Hospital is one of the Czech Republic’s biggest COVID-19 testing laboratories. As the origin of the attack remain unknown, the attack was severe enough for the IT team to shut down the entire hospital’s infrastructure. This resulted in the delay of dozens of Coronavirus test results and surgeries.
Security experts warn that hospital staff has no time to worry about cybersecurity during this time. Flavius Plesu, founder and CEO of OutThink, claims that cybercriminals are remorseless and actively target healthcare facilities. Plesu and other professionals believe that prevalence of ransomware attacks will only increase during this crisis. Experts urge healthcare companies to continue providing as much cybersecurity training to their employees as possible.
Champaign- Urbana Public Health District
Just weeks prior to the Brno University Hospital ransomware attack, cybercriminals targeted the Champaign- Urbana Public Health District in Illinois. The ransomware was called Netwalker and it entered the network using a phishing campaign. Attackers have posed as helpful news article companies, healthcare providers, and public health agencies to lure victims into clicking the attachments in the emails that they send. In February, the World Health Organization (WHO) warned individuals about phishing scams related to the Coronavirus.
A Change of Heart?
As we’ve seen cybercriminals exploit healthcare organizations during the pandemic, one ransomware operator has pledged to avoid attacking them. According to BleepingComputer, operators of the Maze Ransomware stated that they will stop “all activity versus all kinds of medical organizations until the stabilization of the situation with the virus”.
Operators of DoppelPaymer Ransomware expressed that they do not normally target hospitals and will continue no to during this time. They added that if the group accidentally attacks a hospital, they will decrypt the victim’s data for free.
However, other operators were not as generous. Operators of the Netwalker Ransomware stated that no one, including them, has a goal to attack hospitals. Although, if they do attack a hospital by accident, the hospital must pay for the decryption.
In the event that a hospital becomes a victim of a Ransomware attack, Emisoft and Coveware have partnered together to offer free ransomware services. Their goal is to allow hospitals to remain operational in the shortest time possible following an attack.