Share this article on:
There have been several reported cases of cyberattacks on healthcare organizations that are currently working round the clock to ensure patients with COVID-19 receive the medical are they need. These attacks cause major disruption at the best of times, but during the COVID-19 outbreak the attacks have potential to cause even greater harm and place patient safety at risk.
Many phishing campaigns have been detected using COVID-19 as a lure, fear about the 2019 Novel coronavirus is being exploited to deliver malware, and more than 2,000 coronavirus and COVID-19-themed domains have been registered, many of which are expected to be used for malicious purposes.
One of the largest testing laboratories in the Czech Republic, Brno University Hospital, experienced a cyberattack forcing the shutdown of its computer systems. The attack also affected its Children’s Hospital and Maternity hospital and patients had to be re-routed to other medical facilities.
Cyberattacks have also experienced in the United States, with the Champaign-Urbana Public Health District of Illinois suffering a ransomware attack that affected its website, a source of important information for people about the coronavirus pandemic. A DDoS attack was also conducted on the U.S. Department of Health and Human Services.
Some Threat Groups are Stopping Ransomware Attacks on Healthcare Organizations
While the cyberattacks are continuing, it would appear than at least some threat actors have taken the decision not to attack healthcare and medical organizations currently battling to treat patients and deal with the COVID-19 outbreak.
BleepingComputer reached out to several ransomware gangs that have previously conducted attacks on healthcare organizations to find out if they plan on continuing to conduct attacks during the COVID-19 outbreak.
The threat group behind DoppelPaymer ransomware confirmed they do not tend to conduct attacks on hospitals and nursing homes but said if an error is made and a healthcare organization does have files encrypted, they will be decrypted free of charge. That offer has not been extended to pharmaceutical companies. The Maze ransomware gang has similarly stated that all activity against medical organizations will be stopped until the “stabilization of the situation with the virus.”
Cybersecurity Firms Offer Free Ransomware Assistance During Coronavirus Pandemic
Several cybersecurity firms have announced they are offering free support to healthcare providers that experience ransomware attacks during the coronavirus pandemic, including Emsisoft and Awake Security.
Emsisoft helps ransomware victims recover their files when the decryptors provided by the attackers fail. Coveware is an incident response company that helps ransomware victims negotiate with hackers if the decision is taken to pay the ransom. The two firms will be partnering to help hospitals and other healthcare providers recover if they experience a ransomware attack. The services being provided free of charge include a technical analysis of a ransomware attack, the development of a decryption tool, if possible, and negotiation, transaction handing, and recovery assistance. Emsisoft will also develop a custom decryption tool to replace the one provided by the attackers, which will have a greater chance of success and will lower the probability of file loss.
Awake Security has announced that hospitals and other healthcare providers responding to the coronavirus pandemic will be provided with free access to its security platform for 60 days, with the possibility of an extension.
“As more IT and security workers have to operate remotely, we feel strongly that it is our moral duty to ensure the security of the infrastructure they protect,” said Rahul Kashyap, CEO, Awake Security. “We are glad to see many in the security industry step up to tackle this global crisis, and we hope others will join us in the #FightCOVID19 pledge.”
The platform monitors networks and detects threats from non-traditional computing devices, remote users logging in via VPNs, and the core and perimeter networks. The offer also includes free access to its Managed Detection and response solution which provides ongoing threat monitoring, proactive intelligence-driven threat hunting, and access to Awake Security support services.
Akamai is providing 60 days of free access to its Business Continuity Assistance Program, 1-Password has removed its 30-day free trial limit for business accounts, SentinelOne is offering free endpoint protection and endpoint detection until May 16, 2020, and Cyber Risk Aware is providing free COVID-19 phishing tests for businesses to help them prepare the workforce for coronavirus-themed phishing attacks. To support COVID-19-related healthcare communications, TigerConnect has made its secure healthcare communications platform available free of charge in the United States.