INTERPOL has issued an advisory to hospitals about ongoing ransomware attacks during the 2019 Novel Coronavirus pandemic. Although several ransomware gangs have publicly stated that they will halt attacks on healthcare companies that are directly addressing COVID-19, some are still carrying out attacks. Moreover, the number of attacks has gone up.
Growing Number of Attempted Ransomware Attacks on Healthcare Organizations over the Weekend
Over the past weekend, INTERPOL’s Cybercrime Threat Response (CTR) team detected a sharp rise in the number of attempted ransomware attacks on healthcare providers and other establishments and infrastructure engaged in responding to the coronavirus pandemic. INTERPOL released a ‘Purple Notice’ informing police authorities in all 194 member countries about the heightened risk of attacks. Ransomware attacks can delay the delivery of vital care to COVID-19 patients and can also directly cause deaths.
Hammersmith Medicines Research in the U.K., a medical research firm, is one of the healthcare companies that was recently attacked. The firm is set to support the creation of a vaccine for SARS-CoV-2 and was attacked by the Maze ransomware gang. The gang published the stolen sensitive data when the firm did not pay the ransom. The Maze gang issued a press release saying that all attacks on healthcare firms would be stopped during the COVID-19 outbreak, and the stolen information posted on the Maze site was removed. Nonetheless, other threat groups remain highly active and continue to target healthcare providers.
Biotechnology firm 10x Genomics, based in Pleasanton, CA, reported a new attack. The Sodinokibi (REvil) ransomware gang claims that it downloaded 1TB of data from 10x Genomics and then deployed its ransomware payload. Part of that data was shared online in an attempt to force the company to pay the ransom.
In its latest SEC filing, the organization said it is working with authorities and has hired a third-party company to help investigate the incident. 10x Genomics states that it was able to restore normal business operations quickly, without impact on daily operations. 10x Genomics said it was particularly disappointing that an attack happened at a time when researchers all over the world are extensively using its products to understand and combat COVID-19.
Support Being Provided to Healthcare Organizations
INTERPOL’s CTR team is working with hospitals and other healthcare organizations that were hit with ransomware to help them defend against attacks and recover.
INTERPOL stated that ransomware is primarily being spread through malicious code in email attachments, which triggers a ransomware download when the attachment is opened. Hyperlinks are also often used to direct users to malicious web pages that download ransomware.
INTERPOL advises healthcare providers to take the following actions to secure their systems against attack and to ensure a quick recovery after a successful attack:
- Only open emails and download applications from trusted sources
- Do not click links or open attachments in emails from an unknown sender
- Set up email security solutions to block spam
- Back up important files regularly and store them separately from your systems
- Install the latest anti-virus software on all systems and mobile devices
- Use strong passwords on all system accounts and change them on a regular basis
Attacks are also being carried out by exploiting vulnerabilities in RDP and VPN systems, so it is important to keep all software up to date and to apply patches promptly. The Sodinokibi threat group is exploiting vulnerabilities in VPNs when attacking healthcare providers.