Ransomware up 36%: Healthcare can't rely on the kindness of hackers during coronavirus outbreak

News by Rene Millman

Cyber-criminals say they won’t attack healthcare IT systems, but security pros expect the ransomware onslaught to continue, with attacks up 36% according to a Positive Technologies report. Avast and Twitter act to aid the public.

Medical organisations should not trust cyber-criminals who have said that they won’t attack infrastructure during the coronavirus outbreak, according to industry figures.

Marco Essomba, founder of iCyber-Security, told SC Media UK that certain malware campaigns can cause huge amounts of collateral damage, such as Petya’s inadvertent impact on the global manufacturing industry.

“For this reason, we shouldn’t fully trust popular ransomware operators like Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako to fully avert inflicting collateral damage on the healthcare and medical industries,” he said.

Essomba made the comment after reporters from Bleeping Computer got in touch with the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to find out if they would continue to attack healthcare organisations while the epidemic was ongoing.

Reports said that the DoppelPaymer and Maze ransomware operators would suspend attacks until the end of the pandemic (DoppelPaymer said it never targets hospitals or nursing homes).

Essomba said that when it comes to protecting healthcare and medical organisations, his advice remains the same: a defence-in-depth approach must be adopted to ensure that many layers of protection are in place to defend critical infrastructures as well as any sensitive digital assets.

“This begins with a strong and effective data backup strategy with regular tests conducted to ensure data confidentiality, integrity and availability remains fit for purpose if disaster strikes. Secondly, a robust endpoint protection solution must be deployed and combined with traditional malware protection and behaviour analysis to detect and deter even the most advanced malware attacks. Finally, it’s vital security technology controls such as regular vulnerability assessments, web application firewalls, network content scanners, network intrusion protection systems, and data leakage prevention systems are in place, to augment healthcare and medical organisations’ ability to defend better against even the most persistent ransomware operators,” he said.

The news of a possible ransomware hiatus comes as the latest Positive Technologies Cybersecurity Threatscape Q4 report found that the percentage of ransomware attacks has grown: 36 percent for organisations and 17 percent for individuals, versus 27 percent and seven percent, respectively, in the previous quarter. Sodinokibi, Maze, Ryuk, and Bitpaymer ransomware are among the most aggressive malware used by attackers.

Positive Technologies analyst Yana Avezova said that companies have started paying more attention to making backups in the case of an attack.

“Attackers have become aware of this and now threaten their victims with further consequences by leaking their personal data. We found several incidents where companies refused to pay the ransom, and the attackers followed through on their threat,” she said.

However, other cyber-criminals are cashing in on the pandemic by releasing malicious apps masquerading as Covid-19 (Coronavirus) tracking apps or even as "cures" for the disease. Similarly, fake new apps have also appeared aiming to spread misinformation about the pandemic.

Avast said it would be making its mobile threat intelligence platform, apklab.io, public. Of the roughly 450 apps hitting Avast filters, about 35 are currently detected as malicious, and none of them are spread via official app stores such as Google Play, but instead via SMS, web URL or social engineering. The types of malware vary from ransomware to spyware and banking trojans. What they have in common is that they attempt to misuse the current hype associated with Covid-19, the company said in a statement.

In addition to this, Twitter said it was updating its safety policy to prohibit tweets that “could place people at a higher risk of transmitting Covid-19”. This includes a number of different things, such as denying expert guidance, or tweets that misleadingly pretend to be from health authorities. The new guidelines will require users to remove offending tweets before they can tweet again – and they will be notified of this via email.

Jake Moore, cybersecurity specialist at ESET, told SC Media UK that hopefully, if there is anything good that can come out of this situation, it will be that people start to think before they tweet from now on.

“Incorrect advice can have incredibly damaging effects socially, but sometimes a crisis can bring about a tipping point where people begin to take social and online safety more seriously,” he said.
