A story in Bleeping Computer last week claims that major hacker groups vow not to target health organizations during the Covid-19 pandemic. The story centres on news coming from the hackers behind Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware.
DoppelPaymer responded to Bleeping Computer with this: "We always try to avoid hospitals, nursing homes, if it's some local gov - we always do not touch 911 (only occasionally is possible or due to missconfig in their network). Not only now. If we do it by mistake - we'll decrypt for free.” Similarly, Maze said, "We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus."
Of course, should we take the word of the criminals in a time like this? Or any time for that matter? The Register UK remains skeptical, and published their own story in response to the story from Bleeping Computer. In fact, in an update to their article, a threat analyst from Emsisoft contacted the Register saying that Maze's operators had announced just a few days ago that it had hit a medical research company in London.
What are healthcare organizations to do? As always, health organizations need to be vigilant against cyber attacks. The register quotes Emsisoft: "[while] 966 government agencies, educational establishments and healthcare providers were impacted by ransomware in 2019, not a single bank disclosed a ransomware incident. This is not because banks are not targeted; it is because they have better security." Similarly, Microsoft has reported that 1.2 million Office 365 accounts are compromised monthly, which could be cut by 99.9 per cent if organizations enforced multi-factor authentication.
The good news, for now, is if any organizations get encrypted, both Emsisoft and Coveware have announced that they would be offering their ransomware services for free to healthcare organizations during the pandemic. While it would be nice to believe that criminals would stop targeting health organizations during the current pandemic, the crisis is the perfect opportunity to strike. The reality is that healthcare workers need to focus on helping people, not decrypting files.