COVID-19 ISO Insights

Ransomware Threats Against Healthcare During COVID-19 Crisis

April 20, 2020

By: Christopher Sirota, CPCU

We recently posted about a potential increase in cyber risk for companies that, to reduce the chance of infection during the COVID-19 outbreak, have more staff working remotely, typically over VPN connections.

Now, INTERPOL (the International Criminal Police Organization) has reported an increase in ransomware threats against healthcare providers during the COVID-19 crisis.

According to the INTERPOL release:

INTERPOL’s Cybercrime Threat Response team at its Cyber Fusion Centre has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response. Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid.

To support global efforts against this critical danger, INTERPOL has issued a Purple Notice alerting police in all its 194 member countries to the heightened ransomware threat.

Per INTERPOL, the ransomware may be spreading mostly through emails that falsely purport to come from government agencies offering helpful COVID-19 information.
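The lure INTERPOL describes, a display name that claims a government agency while the message actually comes from somewhere else, can be screened mechanically at the mail gateway before a user ever sees it. The following is an added example, not code from INTERPOL, Microsoft or the articles cited here: a Python check run over constructed sample messages. The agency keyword-to-domain allowlist, the risky-attachment extension list and the sample messages are all assumptions for illustration, not data from the source.

```python
"""
Screen inbound mail for COVID-19 lures that impersonate a government agency.

Three independent signals are checked:
  1. the From display name claims an agency, but the sender domain is not
     one the agency actually sends from (classic display-name spoofing);
  2. Reply-To points at a different domain than the visible From address;
  3. a COVID-themed subject carries an executable or macro-enabled attachment.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allowlist (an assumption for this example): a keyword a spoofed
# display name might use, mapped to the domains the real agency sends from.
# Extend it for the agencies relevant to your region.
AGENCY_DOMAINS = {
    "cdc": {"cdc.gov"},
    "who": {"who.int"},
    "nhs": {"nhs.uk", "nhs.net"},
    "interpol": {"interpol.int"},
}

COVID_TERMS = re.compile(r"covid|coronavirus|sars-cov-2", re.I)
# Assumed list of attachment types that should not arrive in an "advisory".
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".zip", ".iso")


def sender_domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def domain_matches(domain: str, allowed: set) -> bool:
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def claimed_agencies(display_name: str) -> list:
    """Agency keywords that appear as whole words in the display name."""
    name = display_name.lower()
    return [k for k in AGENCY_DOMAINS if re.search(rf"\b{re.escape(k)}\b", name)]


def attachment_names(msg) -> list:
    """Filenames of all MIME parts that carry one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def check_message(raw: str) -> list:
    """Return human-readable findings for one RFC 822 message; [] if clean."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = sender_domain(addr)

    # Signal 1: display name claims an agency the sender domain does not belong to.
    for agency in claimed_agencies(name):
        if not domain_matches(from_dom, AGENCY_DOMAINS[agency]):
            findings.append(
                f"display name claims '{agency.upper()}' but sender domain is "
                f"'{from_dom or '(none)'}'"
            )

    # Signal 2: replies are diverted away from the visible sender's domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = sender_domain(reply_addr)
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")

    # Signal 3: COVID-themed subject line delivering a risky attachment.
    if COVID_TERMS.search(msg.get("Subject", "")):
        for fn in attachment_names(msg):
            if fn.lower().endswith(RISKY_EXT):
                findings.append(f"COVID-themed subject with risky attachment '{fn}'")
    return findings


# Constructed sample messages for the example; not real phishing samples.
SPOOFED = """\
From: "CDC Health Alert Network" <alerts@cdc-updates.com>
Reply-To: <intake@mail-reply-service.net>
Subject: COVID-19 safety measures for your facility
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached guidance.
--b1
Content-Type: application/octet-stream; name="COVID19_Guidance.docm"
Content-Disposition: attachment; filename="COVID19_Guidance.docm"

ZmFrZQ==
--b1--
"""

LEGIT = """\
From: "CDC Health Alert Network" <han@mail.cdc.gov>
Subject: COVID-19 situation summary
Content-Type: text/plain

Weekly summary is posted at the usual portal.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_message(raw) or "clean")
```

The display-name check is a heuristic layer, not a replacement for SPF, DKIM and DMARC alignment enforced at the receiving MTA; its value is catching lookalike domains such as the constructed cdc-updates.com that pass authentication for the domain they really belong to. Short keywords like "who" will need tuning against your own traffic to keep false positives down.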

A related article from Bank Info Security explains that the frequency of ransomware attacks on healthcare providers remains relatively unchanged compared with the same time last year. The article quotes a cybersecurity expert who adds that these attacks are not limited to hospitals but have also been levied "on research labs, medical device manufacturers and logistics companies and all of these have the potential to indirectly impact patient care and result in the loss of life."

The article also notes that Microsoft has observed an increase in Sodinokibi (also known as "REvil") attacks and that the attackers may gain their initial foothold by exploiting vulnerable VPN and gateway devices. A Microsoft blog further explains that:

After successful exploitation, attackers steal credentials, elevate their privileges, and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads.

Microsoft has reportedly notified "several dozens" of hospitals whose gateways and VPNs may be vulnerable.