The INTERPOL (International Criminal Police Organisation) warns that cybercriminals are increasingly attempting to lockout hospitals out of critical systems by attempting to deploy ransomware on their networks despite the currently ongoing COVID-19 outbreak.
This doesn't come as a surprise even though some operators behind various ransomware strains have told BleepingComputer last month that they will stop targeting health and medical organizations during the pandemic.
Since then, Maze released data stolen from a drug testing company encrypted before their statement of not targeting healthcare, while Ryuk continues to attack hospitals despite most of them being flooded with new COVID-19 cases every day.
Russian-speaking threat actors have also attacked two European companies in the pharmaceutical and manufacturing industries in incidents suspected to involve ransomware.
Last week, Microsoft said that it has started to send targeted alerts to dozens of hospitals regarding vulnerable public-facing VPN devices and gateways located on their networks to help them prevent REvil (Sodinokibi) ransomware attackers from breaching their networks.
Following this trend, INTERPOL’s Cybercrime Threat Response team at its Cyber Fusion Centre said over the weekend that it "has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response."
After this discovery, the INTERPOL says that it has issued a "Purple Notice alerting police in all its 194 member countries to the heightened ransomware threat."
Attacks on hospitals can lead to deaths
INTERPOL's Cybercrime Threat Response (CTR) team is currently working to gather more info on cyber threats related to the COVID-19 pandemic, as well as provide help orgs targeted by ransomware to mitigate and defend such attacks.
CTR is also working closely with law enforcement agencies from member countries to investigate ransomware cases and analyze threat data to mitigate risks.
"As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients," INTERPOL Secretary General Jürgen Stock said.
"Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths.
"INTERPOL continues to stand by its member countries and provide any assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them held accountable," he added.
#Cybercriminals are using #ransomware to target critical #healthcare institutions which are already overwhelmed by #COVID19. Learn how @INTERPOL_Cyber is helping #police and organizations deal with this threat: https://t.co/RZGtVmnXSL
— INTERPOL (@INTERPOL_HQ) April 4, 2020
Defend against ransomware attacks
Healthcare orgs' networks are currently targeted by ransomware operators via spam campaigns delivering malware payloads via malicious attachments.
The attackers camouflage these attachments as documents issued by health and government agencies, containing vital information or advice regarding the pandemic.
The INTERPOL recommends hospitals and healthcare orgs to always keep their software and hardware up to date, and to back up their data onto offline storage devices to block potential attacks from reaching them.
Hospitals and other organizations targeted by ransomware attacks are advised by the INTERPOL to take the following measures to protect their systems:
• Only open emails or download software/applications from trusted sources;
• Do not click on links or open attachments in emails which you were not expecting to receive, or come from an unknown sender;
• Secure email systems to protect from spam which could be infected;
• Backup all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive);
• Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running;
• Use strong, unique passwords for all systems, and update them regularly.
Comments
Some-Other-Guy - 4 years ago
Send in the Clowns!
R-K - 4 years ago
Virus will infect those ransomware cyberterrorists to teach them regret.
What will happen when those ransomware cyberterrorists die of virus?
Some-Other-Guy - 4 years ago
Just the facts.....
Microsoft updates will teach everyone regret
All Windows computers must die of virus!
R-K - 4 years ago
Shut up. You're annoying.
Some-Other-Guy - 4 years ago
Shut up. You're even more annoying.
R-K - 4 years ago
You really are annoying.
How could you admire malice ransomware we loathe so much?
Will you don't matter, when ransomware affect hospitals to keep poor innocent patients hostages?
Some-Other-Guy - 4 years ago
Concentrate on the real problem
If you get ransomware, you are doing something wrong or using the wrong software
You will never change EVERYONE, but you can change YOU!
Easy Peasy
R-K - 4 years ago
I'm still victim of ransomware.
Some-Other-Guy - 4 years ago
and you will be again!
Changing the Laws will not fix your problem
You must change YOU!
R-K - 4 years ago
"You must change YOU!"
I'll never change from furious hatred of all ransomware cyberterrorists & cybercriminals.
You won't change from supporting ransomware.
R-K - 4 years ago
You are such a ignorant weirdo. You don't help and sympathize with innocent victims of ransomware like me.
Some-Other-Guy - 4 years ago
Thanks for the complement
Glad I could help
R-K - 4 years ago
If ransomware affect WHO, those ransomware cyberterrorists must be put to DEATHS.