Interpol warns that crooks are increasingly targeting hospitals

Pierluigi Paganini April 07, 2020

While the Coronavirus outbreak is threatening the world, the INTERPOL warns that crooks are increasingly targeting hospitals with ransomware.

The INTERPOL (International Criminal Police Organisation) is warning of ransomware attacks against hospitals despite the currently ongoing Coronavirus outbreak.

Attackers are targeting organizations in the healthcare industry via malspam campaigns using malicious attachments. The attachments used as lure appear to be sent by health and government agencies, they promise to provide information on the Coronavirus pandemic and the way to avoid the contagion.

Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

Immediately after the beginning of the critical phase of the COVID19 pandemic, BleepingComputer reached out to the operators of the major ransomware gangs asking them if they would continue targeting hospitals.

Some of them like DoppelPaymer and Maze groups announced that they would no target healthcare organizations during the pandemic.

The gang behind the Ryuk ransomware goes against the tide and continues to target the hospitals, the group never responded to the questions of BleepingComputer researchers.

“Since then, BleepingComptuer has learned that Ryuk continues to target hospitals even while they are struggling to keep people alive during the Coronavirus pandemic.” reported BleepingComputer.

PeterM from Sophos confirmed that he is aware of a US health care provider that was hit with the Ryuk ransomware a couple of weeks ago.

According to experts from Group-IB, Russian-speaking threat actors targeted at least two companies in Western Europe in the pharmaceutical and manufacturing industries.

The tools used in the attacks were traced to Silence and TA505 – Russian-speaking financially-motivated groups.

A few days ago, Microsoft warned dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. Microsoft urges hospitals and health care organizations to implement security measures to protect public-facing devices to increase their resilience to cyber attacks.

Microsoft has also published recently details about human-operated ransomware attacks that targeted organizations in various industries.

The INTERPOL now revealed that it had detected over the weekend a significant number of ransomware attacks against key organizations and infrastructure engaged in the virus response.

“INTERPOL has issued a warning to organizations at the forefront of the global response to the COVID-19 outbreak that have also become targets of ransomware attacks, which are designed to lock them out of their critical systems in an attempt to extort payments.” reads a press release published by the Interpol.

“Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid.

To support global efforts against this critical danger, INTERPOL has issued a Purple Notice alerting police in all its 194 member countries to the heightened ransomware threat.”

The Cybercrime Threat Response team also announced its efforts in monitoring all COVID-19-related threats, the police are working closely with private partners in the cybersecurity industry to gather information of cyber threats and provide support to organizations targeted by ransomware attacks.

“As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” said INTERPOL Secretary General Jürgen Stock.

“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths. INTERPOL continues to stand by its member countries and provide any assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them held accountable,” added the INTERPOL Chief.

The INTERPOL recommends hospitals and healthcare organizations keep their systems and software up to date, and to implement an efficient backup policy.

Below the recommendations provided by the Interpol to hospitals and healthcare orgs to protect their systems from a ransomware attack:

  • Only open emails or download software/applications from trusted sources;
  • Do not click on links or open attachments in emails which you were not expecting to receive, or come from an unknown sender;
  • Secure email systems to protect from spam which could be infected;
  • Backup all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive);
  • Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running;
  • Use strong, unique passwords for all systems, and update them regularly.
[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware, Coronavirus)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment