The world wants to stick together in the fight against the coronavirus, and that probably also applies to criminal hackers. Several groups known for their ransomware have apparently stated that they would not attack medical facilities during the coronavirus crisis.
Lawrence Abrams, founder of the well-known IT security forum Bleeping Computer, asked several hackers how they are currently behaving. In the past, all of them had carried out major attacks using so-called ransomware. Such ransomware encrypts IT systems and the data on them and only releases them for a ransom. In the worst case, a company or other organization infected by ransomware is unable to act because its technology no longer works. The scheme also works well because victims are often threatened with the loss of particularly important or personal data.
Abrams did in fact get some answers, as he reports. One came from the group behind the “Maze” ransomware. The FBI warned of this software earlier this year because the extortionists released the captured data if the victims refused to pay. Various medical facilities have also been hit using this aggressive software. In response to Abrams's inquiry, however, the group now said: “We stop all activities against any kind of medical organizations until the situation with the virus has stabilized again.” The makers of the ransomware “DoppelPaymer” said that they would not attack any medical facilities anyway. “If we do accidentally do so, we decrypt it for free.” However, pharmaceutical companies would not be spared because they would benefit from the health crisis.
Medical practices and hospitals are particularly vulnerable to cyber attacks and blackmail attempts. Relevant parts of the health system have by now been digitized, and patient care must not be interrupted. The exchange of information between doctors and hospitals is therefore at risk, as is the internal IT of the respective institution. Under the IT security law, around ten percent of German hospitals count as critical infrastructure.
There have been numerous attacks in Germany. In 2016, hackers paralyzed a hospital in Neuss; last year, several hospitals in the southwest of the country were attacked. A few months ago, the Federal Office for Information Security (BSI) recognized a new security standard that is intended to protect smaller clinics as well.
IT security companies expect more attacks
A case from the Czech Republic shows how important the protection of hospital IT is in the current situation: just under a week ago, Brno University Hospital was attacked. According to media reports, all systems had to be shut down, operations canceled and patients transferred to other hospitals. The hospital is also an important coronavirus test center in the Czech Republic. To what extent the tests were affected by the attack is not known. The hospital initially did not respond to an SZ request.
Several IT security companies have since offered to help affected organizations free of charge. Coveware and Emsisoft want to support “intensive care hospitals and other healthcare facilities on the front lines of Covid-19” around the world. The two companies expect corresponding ransomware attacks to increase in the coming weeks. They would therefore help with the technical analysis of the ransomware. They also say they will program decryption software and, in the worst case, help negotiate with the extortionists and make the necessary transfers.