Known ransomware operators have confirmed that they won’t be targeting medical establishments or other important services until the coronavirus pandemic is over. This comes a week after reports of attacks by hackers that did look to take advantage of the outbreak.
As the pandemic continues, this is likely to be welcomed news by healthcare sector professionals and network security specialists managing the digital infrastructure in hospitals or research institutions. Last week, it was reported how hackers were targeting people using hoax emails containing the dangerous Kodiac Remote Access Trojan malware. This kind of attack can be used by hackers to gain entry to a system, giving them time to study the target before releasing ransomware that denies administrator access to the system. In these instances, hackers usually only decrypt the system after a ransom has been paid. Most of the essential services today run on some kind of computer system linked to the internet and so a malware attack can often result in data theft, platform malfunctioning or a complete derailment of the service.
Click the button below to start this article in quick view.
The news of a healthcare embargo by some comes from Bleeping Computer who reached out to various hacking groups for confirmation, including Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomwares. While this was not exactly a universal confirmation from the hacking industry, the news that some have no plans to attack any of the essential services during the coronavirus outbreak is positive. The ransomware operators who did confirm their stance were specifically stating in relation to attacks on health and medical organizations.
Hackers Helping Out, But Not All
Out of those asked, DoppelPaymer stated that they always try to avoid hospitals and nursing homes, and if they accidentally hit those establishments, they decrypt the systems for free. The group’s statement confirmed that they will continue to do so in the future. However, this did come with a caveat, considering the courtesy is not being extended to the pharmaceutical industry, or companies that falsely pose as caregiving organizations. In instances where a company or service is hacked by mistake, DoppelPaymer confirmed they can be contacted via email or through their Tor webpage to get a decryptor, after providing proof that the company falls into the protected category. Maze ransomware operators also confirmed they won’t be targeting medical establishments, although there were no promises made that attacks wouldn’t happen after the virus is contained.
According to Bleeping Computer, security firms Emsisoft and Coveware are offering up their services for free to healthcare establishments that are affected by malware during the outbreak. While it might seem strange for some of those who would normally be doing the attacking to be offering their services, it is a good reminder that coronavirus affects everyone.
More: Microsoft Takes On World’s Largest Online Criminal Network Bot
Source: Bleeping Computer
Justice League: Many People Have Seen The Snyder Cut, Say It’s Amazing