Recently, BleepingComputer reached out to the operators of the Maze, DopplePaymer, Ryuk, Sodinikibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they will be targeting Health Organizations during this crisis.
Here are statements from two Ransomware Gangs
DoppelPaymer Ransomware
“We always try to avoid hospitals, nursing homes, if it’s some local gov- we always do not touch 911(only occasionally is possible or due to misconfig in their network). Not only now. If we do it by mistake- we’ll decrypt for free. But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter. So if this happens we’ll do double, triple check before releasing decrypt for free to such things. But about pharma- they earn lot of extra panic nowadays, we have no wish to support them. While doctors do something, those guys earns. ” When asked what happens if some medical organization accidentally gets encrypted, BleepingComputer was told that the victim should contact them on their email or Tor webpage to give proof and get a decryptor.
Maze Ransomware
“We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with the virus.” On March 18th, Maze also leaked the data for a company named Hammersmith Medicines Research(HMR) that is on standby for testing Coronavirus vaccines in live trials. It will be interesting to see if they keep up their promise, which has already been broken.
Netwalker Ransomware
“Hospitals and medical facilities ? do you think someone has a goal to attack hospitals? We don’t have that goal- it never was. it coincidence. no one will purposefully hack into the hospital.” When BleepingComputer disagreed with this and asked if they would decrypt hospitals the encrypted by accident, this is their response to that, “If someone is encrypted, then he must pay for decryption.”
Security Companies coming
forward to Help
Emsisoft and Coveware already announced that they would be offering their ransomware services for free to healthcare organizations during the pandemic. Which includes:
Technical Analysis of the Ransomware.Development of a decryption tool.As a last resort ransom negotiation, transaction handling and recovery assistance, including the replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.
This is a really good step taken by the ransomware operators because all the attention of the medics is currently required on the pandemic itself, not decrypting files. Read More About How to Sanitize your Phone in 5 Easy Steps Internet Safety: How To Browse Internet Responsibly and Safely