INTERPOL has warned hospitals about ongoing ransomware attacks during the 2019 Novel Coronavirus outbreak. Although a number of ransomware gangs have publicly said they will cease attacks on healthcare organizations that are on the front line of the fight against COVID-19, a good number are still carrying out attacks. Furthermore, those attacks have increased.
Escalating Attempts of Ransomware Attacks on Healthcare Organizations
Over the last weekend, INTERPOL’s Cybercrime Threat Response (CTR) team observed a big increase in the number of attempted ransomware attacks on hospitals and other institutions and infrastructure involved in the response to the coronavirus pandemic. INTERPOL issued a ‘Purple Notice’ notifying police forces in all 194 member countries about the growing risk of ransomware attacks. Ransomware attacks can delay critical care for COVID-19 patients and may also directly result in deaths.
The medical research organization Hammersmith Medicines Research in Great Britain is one of the organizations that was fairly recently attacked. The organization was positioned to help with the production of a vaccine for SARS-CoV-2 when the Maze ransomware group attacked it. The attackers posted the stolen sensitive information because the company did not pay the ransom demand. The Maze gang issued a press release stating that all attacks on healthcare companies would cease during the COVID-19 pandemic, and the stolen data published on the Maze website was removed. Nevertheless, other threat groups remain very active and continue to target healthcare companies.
Biotechnology company 10x Genomics in Pleasanton, CA reported the latest attack. According to the Sodinokibi (REvil) ransomware gang, it stole 1TB of information from the organization before deploying its ransomware payload. A portion of that information was posted on the internet in an effort to pressure the organization into making the ransom payment.
In a new SEC filing, the firm stated that it is cooperating with law enforcement officials and has engaged a third-party agency to help investigate the attack. 10x Genomics says that it was able to restore normal business functions immediately, with no impact on everyday operations. 10x Genomics said it was very disappointing that an attack occurred during this period, when researchers worldwide are frequently using its services to study and beat COVID-19.
Help Being Given to Healthcare Providers
INTERPOL’s CTR team is working with medical centers and other healthcare companies that were attacked with ransomware to help them defend against attacks and recover.
INTERPOL warns that ransomware is chiefly being spread through malicious code in email attachments, which triggers a ransomware download when the attachment is opened. URLs are also frequently used to direct users to malicious sites that download ransomware.
INTERPOL advises healthcare companies to take these measures to protect their systems from cyberattacks and to ensure a swift recovery in case of a successful attack:
- Only open email messages and download software from trusted sources
- Do not click hyperlinks or open file attachments in email messages from unknown senders
- Implement email security tools to block spam
- Back up vital files often and store them separately from your networks
- Use the most recent anti-virus software on all systems and mobile devices
- Set strong passwords on all user accounts and change them often
Attacks are also occurring through the exploitation of vulnerabilities in RDP and VPN systems, so it is vital to keep all applications up to date and to apply patches immediately. The Sodinokibi threat group has long been exploiting vulnerabilities in VPNs when attacking healthcare companies.