At the same time that the pandemic is underway across the globe, ransomware actors continue their abhorrent act of locking down computers. When they are targeting healthcare centers, it is not only money that they are taking but human lives. Showing no empathy to other people who were unlucky to find themselves in this emergency situation is highlighting once more how much the ethical conduct of these actors extends.
Starting with the Ryuk gang, they seem to continue their business as usual. As the infosec expert points out in the below tweet, Ryuk is still targeting hospitals, locking down systems, and asking for the typical ransoms. In total, there have been at least ten confirmed Ryuk infections on US-based healthcare centers over the past month, so the whole situation is indicative of how ransomware actors feel about other people during a crisis.
I can confirm that #Ryuk ransomware are still targeting
hospitals despite the global pandemic. I'm looking at a US health care provider at the moment who were targeted overnight. Any HC providers reading this, if you have a TrickBot infection get help dealing with it ASAP.— PeterM🌻 (@AltShiftPrtScn) March 26, 2020
Simultaneously, the Maze group, - who said they would stay away from hospitals during this period - have locked down Chubb’s systems and stole their data. Chubb is a cybersecurity insurance company, so while no lives will be put at risk directly due to this attack, hospitals that may suffer from attacks by other cyber-criminal groups may have to wait for a while before they receive their financial compensation. As we’re in the middle of a crisis that has placed hospitals in great stress already, this is still quite bad.
Thankfully, people are working in the opposite direction too, helping hospitals that suffered a cyber-attack get back on their feet quickly. Coverware and Emsisoft have partnered to offer their help to healthcare providers and COVID-19 responders utterly free of any charge. They are willing to conduct a technical analysis of the ransomware strain that hit a hospital, develop a decryption tool if possible, and finally negotiate the ransom and handle the transaction process if unlocking the files is impossible. At the same time, Sucuri is offering one year of free firewall services to those engaged in the management of the virus outbreak, providing something that could stop the infections before they take place.
All in all, ransomware infections are increasing, and the targeting of hospitals becomes even more intense. That said, this is no time for IT teams in any organization to loosen cybersecurity defenses hoping that malicious actors will give hospitals a break. They haven't, they aren’t, and they won’t.