Interpol has issued a warning that hospitals and other health care institutions on the front lines of the fight against COVID-19 face escalating threats from cybercriminals.
The agency says it has detected “a significant increase” in ransomware launched against hospitals around the world that are engaged in COVID-19 response. The hackers seek to infect their systems not with a contagious disease, but with a computer virus that can freeze needed files or release confidential records unless a bitcoin ransom is paid.
Ransomware is a form of cybercrime that’s seen an alarming spike in the last few years.
The targets have been primarily local governments, schools, and businesses. Few arrests are ever made, with many of the criminals obtaining their technology and even staff on the “dark web.”
No examples of medical targets were given by Interpol, but reports are surfacing of attacks around the world.
Fortune reported that hackers recently broke into computers at Hammersmith Medicines Research, a London-based company that carries out clinical trials for new medicine. The company was in talks with other firms about potentially testing a vaccine for COVID-19.
The hackers used encryption to lock down thousands of the company’s patient records and promised to publish them online if a ransom wasn’t paid, according to Fortune.
“We have now seen a number of instances where clinical labs involved in testing, or major hospitals, have suffered ransomware attacks, where all their IT systems have been knocked down,” André Pienaar, founder of C5 Capital, a venture capital firm, told Fortune.
Several of the attacks, Pienaar said, took place in the United Kingdom and elsewhere in Europe, and were linked to an organized crime syndicate that uses a strain of ransomware known as Maze.
RiskIQ, a cybersecurity firm, said in a recent intelligence report that in late March cybercriminals targeted hospitals with Ryuk ransomware.
“Cybercriminals are capitalizing on coronavirus concerns, which has led to a spike in malicious online activity that we assess will increasingly impact healthcare facilities and COVID-19 responders,” the report said.
Ryuk ransomware has been used since 2018 by Wizard Spider, “a sophisticated eCrime group” that targets “large organizations for a high ransom return,” according to CrowdStrike.
Wizard Spider is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past. North Korean cybercriminals have also been identified as using Ryuk.
Ryuk has been connected to a late 2018 disruption of operations for Tribune Publishing newspapers, an attack on the city of Baltimore that shut down services, and, most recently, a unit of the U.S. Coast Guard.
A general hope was expressed early in the COVID-19 pandemic that cybercriminals would not zero in on hospitals and other healthcare organizations fighting to save lives.
Such hope, it seems clear, was naive.
“As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” said Interpol Secretary General Jürgen Stock.
“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths,” added the Interpol Chief.
He said that his agency would “provide any assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them held accountable.”
According to RiskIQ, to home in on their victims, attackers look for entry points such as unknown, unprotected, misconfigured, and unmonitored digital assets.
Interpol reports that the ransomware appears to be spreading primarily via emails – often falsely claiming to contain information or advice regarding the coronavirus from a government agency, which encourages the recipient to click on an infected link or attachment.
“Prevention and mitigation efforts are key to stopping further attacks, particularly for frontline organizations like hospitals which are facing the highest risk.”
Interpol is encouraging hospitals and healthcare companies to ensure all their hardware and software are regularly kept up to date. They should also implement strong safety measures like backing up all essential files and storing these separately from their main systems.
Nancy Bilyeau is deputy editor of The Crime Report.