Maze Ransomware Targets Coronavirus-Fighting Hospitals and Labs
Never let a good crisis go unnoticed.
These wise words were recently attributed to Bill Clinton’s former chief of staff, Rahm Emanuel, although according to Freakonomics the line actually dates to 1976 and had a completely different context.
Regardless of who was first to pronounce or rewrite the sentence, modern cybercriminals have taken the advice to heart and have increasingly carried out ransomware attacks against hospitals, laboratories and other medical facilities involved in the struggle to defeat Covid-19.
We all remember ransomware, don’t we? Before the recent pandemic devoured the news cycle, ransomware was raging as attackers seized more and more computer networks, even those used by major universities and cities, threatening to destroy data if their ransom demands were not paid in Bitcoin.
Now the bad guys are going after the people on the front line who are trying to keep us alive.
In the initial phase of Covid-19, hacking groups promised to leave hospitals and medical organisations alone for a few weeks or until the outbreak subsided. Almost immediately after these guarantees were given, a London-based laboratory, Hammersmith Medicines Research, a facility that studied vaccines, found itself attacked by a ransomware variant known as Maze.
Soon such attacks spread all over the world. It is clear that the promises of these criminals were absolutely worthless. In the world of dark web entrepreneurship, nothing is sacred, not even human life. Maybe especially not human life, because it’s the greatest asset. Medical experts may remember Hammersmith as an outfit that was part of the Ebola solution a few years ago and that is making great strides in research into Alzheimer’s disease and the Covid virus.
Maze has been the ransomware used during the current spate of attacks, and as one would expect, it has a clever (according to some, devilish) twist. In addition to demanding the typical Bitcoin payment, Maze, discovered in May 2019, threatens to put patient records online.
This added sting, the public disclosure of private data, puts the organisation at risk of a direct violation of GDPR and threatens to lead to massive fines. Several hackers have already shown that the threat to publish documents is not an empty one. Some documents were published when organisations decided not to pay.
You know that when the International Criminal Police Organization (INTERPOL) intervenes, as is the case with the current spate of Maze intrusions, this is a serious global problem. The organisation works with private companies to develop best practices in the field of security and privacy and is actively involved in tracking and prosecuting the various perpetrators involved in this horrific game.
But ultimately, the same prevention and containment strategies that cyber security experts have been recommending for years remain the solution in practice. Until now, the delivery method of choice has been email containing links that download the malware to your system once you click on them. If you don’t want the infection, don’t click.
So here’s a handy little tip you should write down somewhere on the wall next to your desk: Don’t click on links in emails if you’re not sure where they came from. Interpol has half a dozen recommendations that health services should implement immediately. These include the following:
As mentioned above, do not click on email links and do not download software or applications until you have triple-checked their authenticity.
To underline this, do NOT click on links in emails or open attachments unless you specifically requested them. In other words: If it’s an unknown sender, don’t even think about touching it.
Install advanced anti-spam protection on your email accounts. The latest generation of AI-based spam detectors has become very good at picking out the bad stuff and learning as it goes.
Regularly back up your system files and all your data to an external drive or, more easily, to a secure cloud storage account. If you have a copy of everything stored outside the office, away from your work network, it’s very easy to remove the ransomware and restore the system from the latest backup.
Make sure antivirus software is installed, running and updated on your network and on all mobile devices. Every external access point to the network is a threat vector. Regular software updates are a necessity, so don’t ignore them, otherwise you will open your network to malware and/or zero-day exploits.
You may have heard it a lot, but create strong and unique passwords for the network and all users, and require them to be changed regularly.
A final word of advice for medical organizations struggling to stay on top of Covid-19 while also fighting off hacker attacks.
Look at the preventive strategies above, none of which requires any particular level of cyber security expertise. They only take a little time, which is certainly in short supply at the moment, but if it prevents a complete failure of the system, it is worth making room for. Good luck and stay out of the maze.
Incidentally, Hammersmith refused to pay the ransom, so the hackers released some documents, although the company claims that the documents are decades old and cannot be traced.
About the author: Gary Stevens is an IT expert who works part-time at Ethereum on open source projects for QTUM and Loopring. He is also a part-time blogger at Privacy Australia, where he discusses online security and privacy issues.
Editor’s note: The opinions expressed in this guest article are those of the author alone and do not necessarily reflect the opinion of Tripwire, Inc.