With COVID-19 spreading across the globe and presenting a major challenge to healthcare institutions, some hacker groups have pledged that they will not target healthcare organisations using ransomware for as long as the viral outbreak lasts.
BleepingComputer recently reached out to some hacker groups that are known to use ransomware to target organisations across the globe. These groups included Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako. The publication asked these groups whether they would continue their attacks on healthcare organisations during the pandemic.
DoppelPaymer was the first to respond. The group said that it does not normally target hospitals and nursing homes, and will do the same during the global crisis. It stated that if a medical organisation gets encrypted, the victim can contact the group via its email or Tor webpage to provide proof and get a decryptor.
While DoppelPaymer stated that they do not target healthcare organisations like hospitals and nursing homes as a principle, the operators of Maze stated in broken English that “we also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus.”
“We always try to avoid hospitals, nursing homes, if it's some local gov - we always do not touch 911 (only occasionally is possible or due to missconfig in their network). Not only now. If we do it by mistake - we'll decrypt for free,” said DoppelPaymer.
“But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter) So if this happens, we'll do double, triple check before releasing decrypt for free to such things. But about pharma - they earn lot of extra on panic nowadays, we have no any wish to support them. While doctors do something, those guys earn," they added.
Healthcare organisations must stay on full alert to defend against ransomware attacks
However, despite the claims of these hacker groups, healthcare organisations will do well to ignore such statements and continue to strengthen their cyber defences no matter how busy they are with medical emergencies. Recently, the U.S. Health and Human Services Department suffered a DDoS attack aimed at slowing down the agency’s operations in the middle of the COVID-19 outbreak in the country.
An HHS spokeswoman said the attack overloaded the HHS servers with millions of hits over several hours, but couldn’t slow down the agency’s systems significantly. “We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure,” she added.
“Certain malware campaigns can cause huge amounts of collateral damage, such as Petya’s inadvertent impact on the global manufacturing industry. For this reason, we shouldn’t fully trust popular ransomware operators like Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako to fully avert inflicting collateral damage on the healthcare and medical industries,” says Marco Essomba, founder, iCyber-Security.
“With this in mind, when it comes to protecting healthcare and medical organisations, my advice remains the same: a defence-in-depth approach must be adopted to ensure that many layers of protection are in place in order to defend critical infrastructures as well as any sensitive digital assets.
“This begins with a strong and effective data backup strategy with regular tests conducted to ensure data confidentiality, integrity and availability remains fit for purpose if disaster strikes. Secondly, a robust endpoint protection solution must be deployed and combined with traditional malware protection and behaviour analysis to detect and deter even the most advanced malware attacks.
“Finally, it’s vital security technology controls such as regular vulnerability assessments, web application firewalls, network content scanners, network intrusion protection systems, and data leakage prevention systems are in place, to augment healthcare and medical organisations’ ability to defend better against even the most persistent ransomware operators,” he adds.