Ransomware Actors Recede From Their ‘Words,’ Keep Whipping Healthcare Facilities During the COVID-19 Outbreak

  • Microsoft warned against rising Sodinokibi (also known as REvil) attacks, including affiliates actively looking for vulnerable VPN installations.
  • Interpol started offering first-hand technical support to member countries, as well as mitigation and protection advice to help safeguard healthcare firms.

It was just last month that the COVID-19 outbreak spread across the world, and healthcare facilities were pushed to their last legs to save people’s lives while also fighting to keep their frontline staff safe.

What happened?
In the past few weeks, many hospitals and medical research firms were targeted by cybercriminals. Most of the attacks faced by hospitals came from ransomware actors, some of whom had earlier pledged to behave responsibly during the pandemic. In practice, some of them never stopped attacking hospitals.

Here is the list of ransomware attacks targeting healthcare or related firms amid the COVID-19 pandemic:

  • 10X Genomics, the California-based life sciences firm, was hit by an “attempted ransomware attack” which also involved the theft of certain company data. The firm is part of an international alliance and makes tools that researchers use to learn about the coronavirus.
  • Maze actors stole and encrypted the data belonging to Hammersmith Medicines Research LTD, the UK-based drug testing company, and then published the data after the ransom payment negotiations failed.
  • The Ryuk ransomware targeted a US health facility, and possibly others as well (as claimed in the tweet), even as most hospitals are flooded daily with fresh COVID-19 cases.
  • In a suspected case of ransomware attack, Russian-speaking hackers attacked two companies in the pharmaceutical and manufacturing industries in Europe.
  • Also, Microsoft warned against rising Sodinokibi (also known as REvil) attacks, including affiliates actively looking for vulnerable VPN installations.

"After successful exploitation, attackers steal credentials, elevate their privileges and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads," Microsoft wrote in their blog post.

Interpol’s advisory
Recently, INTERPOL (International Criminal Police Organisation) issued a "purple notice" alert to law enforcement in all 194 member countries to support the global fight against this cybercriminal endeavor.

  • It has warned those at the forefront of the fight about the acute rise in the number of attempted ransomware attacks aiming to lock hospitals out of their systems and stop them from functioning normally.
  • It will also provide first-hand technical support to member countries, as well as mitigation and protection advice to help safeguard their critical medical infrastructure.
  • Additionally, Interpol is curating a list of suspicious Internet domains related to COVID-19 and plans to work with the relevant countries to take action against those violating the law.

The police organization said that hospitals and medical organizations around the world have become targets of ruthless cybercriminals who are looking to cash in at the expense of sick patients.

A spokesperson from Interpol warned, “locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths.”

Prevention and mitigation are key
So far, security experts have observed that these ransomware attacks spread primarily via email. To minimize the risk of disruption, Interpol first encourages hospitals and healthcare companies to ensure they are running up-to-date hardware and software systems.

Meanwhile, here’s how one can protect their systems:

  • Verify the trustworthiness of sources before opening emails or downloading any software.
  • Avoid clicking on links or opening attachments in emails from unsolicited or unknown senders.
  • Use spam email protection systems.
  • Always backup all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive).
  • Install the most recent anti-virus software on all systems and mobile devices, and keep it constantly running.
  • Last but not least, use strong, unique passwords for all systems.