Cybercrime groups are famous for taking advantage of any situation, the current coronavirus (Covid-19) outbreak included. Another ransomware attack has hit a medical facility prepped to help test possible coronavirus vaccines.
The cybercrime group behind Maze ransomware recently promised not to target medical organizations.
The latest victim of the Maze ransomware hackers is Hammersmith Medicines Research, a British company that previously carried out tests for an Ebola vaccine. The facility is said to be on standby to perform medical trials on any coronavirus vaccine, Forbes reported.
Hammersmith Medicines Research Hit by Maze Ransomware
According to Computer Weekly, the attack took place on March 14, and fortunately the systems were restored without paying the ransom. “We repelled [the attack] and quickly restored all our functions,” said Malcolm Boyce, clinical director of Hammersmith Medicines Research. “There was no downtime.”
It seems that the attack occurred before the Maze group announced on March 18 that they would no longer attack medical facilities. Nonetheless, the attackers successfully exfiltrated data such as patient records and published some of it online. In a conversation with Computer Weekly, Boyce said that the attackers had sent Hammersmith Medicines Research sample files containing information on individuals who had participated in previous testing trials. The cybercriminals then published some of these details on the dark web.
More about Maze Ransomware
Maze ransomware has been distributed with the help of Fallout and Spelevo exploit kits. There was a new release of the ransomware in January 2020. That campaign was delivering an upgraded version of Maze, with changes in the code mostly associated with the network connection parameters.
The local client would poll remote servers for additional instructions to provide hijacked information and data. The interesting aspect is that there were several servers listed — this mechanism showed that the criminals had created a large infrastructure of remote hosts. If one of them went down, the local client would have been able to contact the next one in line.
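A defender can look for the fallback behaviour described above in outbound connection logs: one internal host walking through several unreachable destinations and then reaching a new one. The sketch below is an added example, not code from the original article or from any vendor; the log format, the thresholds, and every address (documentation ranges only) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: time, internal source, external destination, outcome.
# Destinations are RFC 5737 documentation addresses, not real indicators.
SAMPLE_LOG = """\
2020-03-14T09:00:01 10.0.0.21 198.51.100.10 timeout
2020-03-14T09:00:06 10.0.0.21 198.51.100.11 timeout
2020-03-14T09:00:11 10.0.0.21 198.51.100.12 reset
2020-03-14T09:00:16 10.0.0.21 203.0.113.40 ok
2020-03-14T09:01:00 10.0.0.35 192.0.2.80 ok
2020-03-14T09:05:00 10.0.0.35 192.0.2.80 ok
2020-03-14T09:02:00 10.0.0.50 198.51.100.10 timeout
2020-03-14T10:30:00 10.0.0.50 192.0.2.80 ok
"""

def parse(log):
    """Yield (timestamp, src, dst, outcome) for each whitespace-separated line."""
    for line in log.strip().splitlines():
        ts, src, dst, outcome = line.split()
        yield datetime.fromisoformat(ts), src, dst, outcome

def find_failover(log, min_failed=2, window=timedelta(minutes=2)):
    """Return {src: [dst, ...]} for hosts that tried at least `min_failed`
    distinct unreachable destinations and then reached a different one,
    with every failure no older than `window` at the time of success."""
    by_src = defaultdict(list)
    for ts, src, dst, outcome in sorted(parse(log)):  # tolerate unordered logs
        by_src[src].append((ts, dst, outcome))
    hits = {}
    for src, events in by_src.items():
        failed = []  # (time, dst) of recent distinct failed destinations
        for ts, dst, outcome in events:
            failed = [(t, d) for t, d in failed if ts - t <= window]
            seen = [d for _, d in failed]
            if outcome != "ok":
                if dst not in seen:
                    failed.append((ts, dst))
            elif len(failed) >= min_failed and dst not in seen:
                hits[src] = seen + [dst]  # the walk, in the order it was tried
                break
    return hits

if __name__ == "__main__":
    for host, chain in find_failover(SAMPLE_LOG).items():
        print(host, "->", " -> ".join(chain))
```

A hit is a lead for triage, not a verdict: legitimate software with mirror lists or CDN fallback produces the same pattern, so the destinations still need to be checked against known-good services.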
There have been multiple cybercriminal campaigns since the coronavirus broke out. Several hospitals have been hit, and attacks will likely continue to leverage the global panic with smartly crafted baits.
The operators of Netwalker ransomware, also known as MailTo, recently launched an attack against the Champaign-Urbana Public Health District (CUPHD), which serves approximately 210,000 people in central Illinois. “We are working to get our website up and running,” the organization recently said via its Facebook page, later announcing that the website had already been restored. According to a spokeswoman, it has been confirmed that the organization’s system was attacked by Netwalker ransomware.
University Hospital Brno also suffered an attack related to an undisclosed and yet-to-be-identified strain of malware. The hospital is running the country’s largest coronavirus testing labs. According to a statement by the National Office for Cyber and Information Security, a team of cybersecurity specialists from the government’s computer emergency readiness team was dispatched, together with police, to assist the hospital with its recovery efforts.
These attacks could be life-threatening to patients. Some of the attacked facilities are not only taking care of patients with respiratory complications but also serving as virus-testing labs. Attacks against these facilities further complicate a critical situation which is already severe enough for governments and institutions to handle around the world.