Ransomware Groups To Act Considerately During COVID-19 Pandemic

  • A hacker group said that a victim can contact it by email or through its Tor web page to provide proof and obtain a decryptor.
  • Some firms have announced that they are extending aid to organizations facing ransomware threats.

Amidst the COVID-19 pandemic, some ransomware groups have released statements saying they will not target health and medical facilities during this time.

What happened?
BleepingComputer, a computer help forum, reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi (REvil), PwndLocker, and Ako ransomware infections to inquire if they plan to continue attacking health and medical organizations during the Coronavirus outbreak. Some of the hacker groups stated that they plan not to target healthcare facilities during the ongoing health crisis.

DoppelPaymer Ransomware
The first group to respond stated that hospitals and nursing homes are generally not on their target list, and that they expect to continue this approach during the pandemic as well.

When asked what would happen if a medical organization gets encrypted, the group said that the victim can contact them by email or through their Tor web page to provide proof and obtain a decryptor.

"We always try to avoid hospitals, nursing homes, if it's some local gov - we always do not touch 911 (only occasionally is possible or due to misconfig in their network). Not only now. If we do it by mistake - we'll decrypt for free. But about pharma - they earns lot of extra on panic nowadays, we have no any wish to support them. While doctors do something, those guys earns," read the response.

Maze Ransomware
The Maze operators posted a press release stating that they have decided to halt ransomware attack activity against all kinds of medical organizations until the end of the pandemic.

"We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with the virus," they said. However, they did not comment on whether a free decryptor would be provided if a healthcare facility mistakenly gets encrypted by them.

Glimmers of hope
Some firms, including Emsisoft and Coveware, have announced that they would be extending aid to organizations facing ransomware threats. The firms would offer the following ransomware services for free to healthcare organizations for as long as the pandemic lasts:

  • Technical analysis of the ransomware.
  • Development of a decryption tool whenever possible.
  • As a last resort, ransom negotiation help and transaction handling.
  • Recovery assistance, including the replacement of the actors’ decryption tool with a custom-made tool to recover encrypted data more quickly while minimizing data loss.

Bottom line
The ransomware operators' response would give a bit of relief not only to healthcare organizations but also to security experts. Other ransomware operators are also expected to follow suit in putting humanity before their other motives.