On September 10, the infamous DoppelPaymer ransomware crashed the operational systems at a major hospital in Düsseldorf. The failure of critical systems caused delays in emergency treatment, which resulted in the death of one patient, possibly the first-ever case of a physical casualty due to a cyber attack.
The deadly infection
According to German authorities, the DoppelPaymer ransomware had disrupted the IT systems at the Düsseldorf University Clinic and had infected 30 servers in its network. The ransomware operators left an extortion note in one of the systems with details to contact the attackers but without any concrete ransom demand.
- Due to the system crash, doctors were not able to access data and start the treatment for an hour. Due to this unfortunate delay, one patient who was in need of urgent treatment died while she was being taken to another city for her treatment.
- In addition, the attack targeted the Heinrich Heine University in Düsseldorf, affiliated with the Düsseldorf University Clinic.
- Düsseldorf authorities contacted the ransomware operators and told them that the attack had endangered the lives of patients. The attackers then decided to withdraw the extortion attempt and provided a digital key to decrypt the data.
DoppelPaymer’s recent attacks
Active since June 2019, the DoppelPaymer ransomware operators have been involved in numerous attacks recently. In September, the group launched targeted attacks on several educational institutes.
- Recently, the gang launched a ransomware attack against the Guilford Technical Community College in North Carolina and disrupted a number of services, such as WebAdvisor and Navigate.
- Moreover, the gang held data of Newcastle University students in ransom and posted a part of the data related to students and staff members on the dark web.
- Furthermore, the gang compromised sensitive information related to the students and staff members of the Royal Military College of Canada.
From healthcare organizations to educational institutes, the DoppelPaymer ransomware has been extending its target areas gradually. To develop a multi-pronged, proactive approach, experts recommend that organizations in critical sectors should perform regular system backups, train employees to avoid phishing and other social engineering scams, and implement strong passwords.