Sergiu Gatlan* says Interpol has warned that ransomware attacks on hospitals and health systems are increasing.
The International Criminal Police Organisation (Interpol) warns that cybercriminals are increasingly trying to lock hospitals out of critical systems by attempting to deploy ransomware on their networks during the ongoing COVID-19 outbreak.
This doesn’t come as a surprise, even though some operators behind various ransomware strains told BleepingComputer last month that they would stop targeting health and medical organisations during the pandemic.
Since then, Maze has released data stolen from a drug testing company that it encrypted before issuing its statement about not targeting health care, while Ryuk continues to attack hospitals despite most of them being flooded with new COVID-19 cases every day.
Russian-speaking threat actors have also attacked two European companies in the pharmaceutical and manufacturing industries in incidents suspected to involve ransomware.
Earlier this month, Microsoft said it had started to send targeted alerts to dozens of hospitals regarding vulnerable public-facing VPN devices and gateways located on their networks to help them prevent REvil (Sodinokibi) ransomware attackers from breaching their networks.
Following this trend, Interpol’s Cybercrime Threat Response team at its Cyber Fusion Centre said it “has detected a significant increase in the number of attempted ransomware attacks against key organisations and infrastructure engaged in the virus response”.
After this discovery, Interpol said it had issued a “Purple Notice alerting police in all its 194 member countries to the heightened ransomware threat”.
Attacks on hospitals can lead to deaths
Interpol’s Cybercrime Threat Response (CTR) team is currently working to gather more info on cyber threats related to the COVID-19 pandemic, as well as to help organisations targeted by ransomware to mitigate and defend against such attacks.
CTR is also working closely with law enforcement agencies from member countries to investigate ransomware cases and analyse threat data to mitigate risks.
“As hospitals and medical organisations around the world are working non-stop to preserve the wellbeing of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” Interpol Secretary-General Jürgen Stock said.
“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths.”
“Interpol continues to stand by its member countries and provide any assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them are held accountable.”
Defend against ransomware attacks
Healthcare organisations’ networks are currently targeted by ransomware operators through spam campaigns that deliver malware payloads via malicious attachments.
The attackers camouflage these attachments as documents issued by health and government agencies, containing vital information or advice regarding the pandemic.
Interpol recommends hospitals and healthcare organisations always keep their software and hardware up to date, and back up their data onto offline storage devices to block potential attacks from reaching them.
Hospitals and other organisations targeted by ransomware attacks are advised by Interpol to take the following measures to protect their systems:
- Only open emails or download software/applications from trusted sources.
- Do not click on links or open attachments in emails which you were not expecting to receive, or which come from an unknown sender.
- Secure email systems to protect against spam that could be infected.
- Back up all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive).
- Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running.
- Use strong, unique passwords for all systems, and update them regularly.
* Sergiu Gatlan is Security/Tech News Reporter for BleepingComputer. He tweets at @serghei.
This article first appeared at www.bleepingcomputer.com.