Then we’re coming for you
Friday, April 17, 2020
Who usually gets attacked? Individuals and organisations that appear frequently in media reports and those currently garnering public attention are certainly among the most likely targets. Now under the spotlight are healthcare and pharmaceutical companies as well as any organisation that in some way is related to the coronavirus.
The U.S. Health and Human Services Department suffered a cyber-attack on its computer system.
The attackers attempted to overload the department's servers by sending millions of queries in just a few hours.
That's a typical DDoS attack. Unfortunately, attacks of this kind are readily available as a paid service, so people who aren't good at coding can still use them to make a name for themselves. In this particular case, the attack failed.
Criminals exploited a vulnerability in a mammography imaging device and used the Conficker worm to infect other medical devices on the hospital's network, including another mammography machine, a radiology machine, a digital imaging device, and others.
The date of the incident is not reported, but it is instructive for people who believe in noble hackers.
But not all hackers are the same!
BleepingComputer reached out to various ransomware operators, such as the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware, to ask if they would continue targeting health and medical organisations during the outbreak.
DoppelPaymer was the first to respond and stated that they do not normally target hospitals or nursing homes and will continue taking this approach during the pandemic.
"If we do it by mistake - we'll decrypt for free. But, as for pharma – they are making a lot of money off the panic right now, and we have no wish to support them. While the doctors are actually doing something, those guys are lining their wallets."
Some of them have a code of honour of sorts. And media outlets disseminated this information.
And these are the very ransomware operators we are talking about:
DoppelPaymer Ransomware operators set up a website where they will disgrace their victims who refuse to pay the ransom and publish any files that they manage to steal before the data gets encrypted.
The Maze Ransomware group has come up with a new extortion method whereby they steal data before encryption commences and subsequently use the files as leverage to force their victims to pay the ransom.
If no ransom is paid, the operator uploads the stolen files to a publicly available 'news' site to subject the victim to fines and lawsuits and possibly make sure that the attack is construed as a breach of confidentiality.
Shortly after this tactic was put to use by the criminal ring, other ransomware operators, including Sodinokibi, Nemty and DoppelPaymer, asserted that they would follow this practice too.
Now let's read carefully: "But, as for pharma – they are making a lot of money off the panic right now, and we have no wish to support them."
Does this mean that those who are now working on a vaccine are regarded as legitimate targets? Apparently, hackers believe themselves to be immortal, and neither they nor their loved ones need medicine.
The Anti-virus Times recommends
According to Unit 42 at Palo Alto Networks, as many as 83% of medical devices (ranging from mammography machines to CT scanners) have a vulnerability — a 56% increase compared with 2018.
Medical devices have a long lifespan, but if they run software with loopholes or use an obsolete operating system like Windows 7, attackers can gain access to sensitive information, break into an organisation's network, and disrupt care.
We continue to provide anti-virus protection for operating systems that are no longer supported by their developers.
All medical organisations that want to use Dr.Web anti-virus software receive a substantial discount. So it has been and will always be.