Ransomware Gangs Keep Changing their Targets to the Ongoing Virus Crisis

Maze Ransomware

The pandemic of coronavirus forced most organizations to focus on how they function. And it now seems like even cybercrooks and ransomware gangs have to adapt their actions to the current viral crisis.

Phishing assaults using coronavirus as a lure in recent months have evolved rapidly as malicious hackers use it as a means of selling user names and passwords, personal information, and bank data. And there is some evidence that Ransomware organizations have stepped up their attacks against new workers from home. Some have also conducted ransomware attacks on hospitals, medical research facilities, and other major medical operations at a time when more than ever they are needed.

This is the potential risk of ransomware attacks on healthcare, Interpol cautioned about the possible harm done by cyber extortionists and reported earlier this month that a significant rise in preliminary ransomware attacks on major organizations that are engaged in virus response had been identified.

“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths,” said Interpol Secretary General Jürgen Stock.

Hospitals are not a new option for ransomware attacks and in the past, there have been a variety of cases in healthcare. The highest-profile of these incidents was when the WannaCry ransomware was targeted by the UK National Health Service. But to pursue healthcare institutions more than ever, when they are needed, marks a new low.

“Hackers are very financially motivated and healthcare and hospitals are extremely vulnerable and willing to pay right now because they can’t afford to be shut down when they’re at capacity and overflowing with coronavirus patients,” says Charity Wright, cyber-threat intelligence advisor at IntSights. “They’re very vulnerable right now, so hackers are definitely targeting healthcare and hospitals to take advantage”.

But while business is as normal for ransomware gangs, others have reported that during a coronavirus crisis they would steer away from healthcare.

One of these is the Maze ransomware community. This encryption network not only threatens to publish documents and other sensitive data, but it also threatens malware authors to publish as they are traveling across the infected network. The group stated that it should not threaten medical organizations until the global virus situation had resolved.

And it seems like several other attackers have at least raising their function in hospitals for now.

“From our attack data, we noticed that healthcare, which is normally a top-three targeted vertical, was actually the seventh most frequently targeted industry in March,” says Tom Kellermann, head cybersecurity strategist at VMware Carbon Black.

Nonetheless, this doesn’t mean that the overall number of events involving ransomware has vanished but instead attacks that may have targeted hospitals are focused elsewhere.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.