Hackers have promised they won’t target hospitals and healthcare providers with ransomware attacks during the coronavirus pandemic, as some malicious actors look to take advantage of the crisis.
Hospitals and healthcare providers are commonly targeted by hackers with ransomware attacks, a type of malware which can lock a company from accessing its own network or files, with access only returned once a ransom payment is made.
Several ransomware operators told BleepingComputer that they wouldn’t be targeting the organisations on the frontline of the global response to the COVID-19 pandemic.
Operator DoppelPaymer Ransomware claimed it already didn’t target these types of organisations, and will be especially careful during the pandemic.
“We always try to avoid hospitals, nursing homes, if it’s some local gov - we always do not touch 911. Not only now,” DoppelPaymer Ransomware told BleepingComputer.
The group also said that if they did happen to target a health organisation with ransomware, it will decrypt the files for free.
“If this happens we’ll do double, triple check before releasing decrypt for free to such things,” it said.
While healthcare groups and hospitals will apparently be spared from cyber attacks from the ransomware operators, pharmaceutical companies are still in their crosshairs.
“But about pharma - they earns lot of extra on panic nowadays, we have no wish to support them,” DoppelPaymer Ransomware said. “While doctors do something, those guys earn.”
Maze Ransomware also said that it would be stopping all cyber attacks against medical organisations.
“We also stop all activities versus all kinds of medical organisations until the stabilisation of the situation with virus,” Maze Ransomware said.
On the other side of the equation, a number of cyber protection firms, including Emsisoft and Coveware have offered their anti-ransomware services for free to healthcare organisations. This could include a technical analysis of any ransomware targeted against them, the development of a decryption tool and ransom negotiation as a last resort.
“This is the worst possible time for a healthcare provider to be impacted by ransomware,” Emsisoft’s Brett Callow told BleepingComputer.
“We want to ensure that they’re able to return to normal operations as quickly as possible so that patient care is minimally disrupted.
“We’re all in this together, and both companies and individuals need to be doing whatever they can to help each other.”
There have already been hackers found to be exploiting the coronavirus pandemic, including a recently discovered Windows ransomware campaign, dubbed Netwalker, which has used Coronavirus-themed emails to target the healthcare sector.
Hospitals are a common target of ransomware targets, with some of the largest regional hospitals in Victoria hit by an attack from “sophisticated cyber criminals” late last year that saw many being forced to go offline.
There have also been ransomware attacks against high-profile companies in recent months, with Travelex, Toll and international car auction platform Manheim Auctions.
Travelex, the world’s largest currency exchange, was offline for several weeks following a ransomware attack late last year, with hackers reportedly demanding more than $8.5 million.
Earlier this year Toll Group was forced to take its systems offline after the logistics company was hit with a devastating ransomware attack.
And most recently, Manheim Auctions was hit with a malware attack that locked its computer networks, with the hackers demanding a $30 million ransom for the files to be decrypted.
