Hospitals Still Being Attacked Despite Big Fall in Ransomware

Published at: April 16, 2020

The number of ransomware attacks globally has dropped significantly since the coronavirus crisis intensified in March, according to a new report from Chainalysis.

The blockchain analytics firm said the drop was particularly significant given there were growing concerns over the impact of ransomware attacks against hospitals and other healthcare organizations during the crisis.

Hospitals are a favoured target for ransomware gangs. Security software provider Emsisoft reported that over the course of 2019, at least 764 healthcare providers in the U.S. had been attacked. In mid-March, Emsisoft publicly implored ransomware gangs to stop targeting hospitals because of the potentially fatal impact during the crisis.

Hospitals still threatened

Kim Grauer, senior economist at Chainalysis, told Cointelegraph that despite the overall drop, some hospitals were still being attacked:

“Hospitals appear to be the victims of several of the recent ransomware attacks, even though the admins of some active strains ("doppelpaymer" and "maze") publicly said they would not attack hospitals during these times. This is probably because they [hospitals] can’t afford to lose access to vital, often sensitive patient data and therefore are considered more likely to pay up, especially during a health crisis.”

Chainalysis found a big drop in the USD value sent to known ransomware addresses. In February the figure was approaching $2 million, but it fell to below $500,000 in March. The number of addresses also fell significantly in March. As not all ransomware addresses are known, the on-chain data is not comprehensive. Grauer said its results were indicative, however:

“One important caveat in our ransomware research is that the total number of ransomware incidents is always hard to quantify because there is a massive underreporting problem. That being said, nothing seems to have fundamentally changed for the criminals carrying out ransomware attacks over the past few months.”

CEO of Coveware backs up findings

Chainalysis reached out to Bill Siegel, CEO of Coveware, to see if their conclusions were correct. He said: “I haven’t seen a major material increase in attacks. Healthcare providers remain a frequent target, but the stakes are much higher now. More people will probably care if a big hospital is attacked and patient care is impacted, but criminals don’t seem to care.”

Siegel noted scammers have been incorporating COVID-19 in phishing emails:

“There’s been a gargantuan explosion of phishing emails related to Covid-19. People are getting so many legitimate emails from their employers and vendors about the virus that ransomware attackers have an opportunity to blend in.”

Siegel said he had also noticed an increase in ‘Mamba’ ransomware attacks, which avoid the phishing email/malware infection route and instead directly attack the victim’s network to encrypt their files with encryption software called Jetico:

“We’re not sure why Mamba attacks would be increasing now, but my personal theory is that skilled programmers who’d normally be at work have more time on their hands at home now.”
