Europe’s Largest Private Hospital Hit by Crypto Ransomware Amid Pandemic

Published at: May 7, 2020

Hackers infected the IT infrastructure of the largest private hospital in Europe with ransomware.

Cybersecurity news outlet, KrebsonSecurity, reported on May 6 that hackers compromised the IT systems of Germany-based private hospital, Fresenius. An anonymous source reportedly informed the outlet that the hospital’s systems were infected by the ransomware known as Snake.

The ransomware in question was discovered earlier this year, and is being actively used to target large businesses. Fresenius spokesperson, Matt Kuhn, reportedly confirmed to KrebsonSecurity that the hack took place:

“I can confirm that Fresenius’ IT security detected a computer virus on company computers. [...] As a precautionary measure in accordance with our security protocol drawn up for such cases, steps have been taken to prevent further spread. We have also informed the relevant investigating authorities.”

Kuhn also told the outlet that while some functions within the hospital are currently limited, patient care is still ongoing. He also said that Fresenius’ IT experts are currently working to solve the issues caused by the malware.

Ransomware groups attack healthcare providers amid the pandemic

Ransomware is believed by many to be the biggest threat among all existing malware. Given the strain that the coronavirus pandemic has placed on global healthcare systems, ransomware attacks on hospitals are of particular concern right now.

Cybersecurity firm, Emsisoft, has been offering free help to healthcare providers that fall victim to cryptocurrency-demanding ransomware since March. In April, Microsoft began notifying vulnerable hospitals to prepare for potential ransomware attacks.

Hackers continue to attack healthcare organizations despite a general fall in ransomware attacks amid the pandemic. At the end of April, hackers infected the infrastructure of the largest health center in Pueblo County, Colorado with ransomware. In late March, black hat hacker group, Maze, infected the infrastructure of a firm researching the coronavirus with ransomware.

Tags
Related Posts
Researchers Say Ransomware Attacks on the Rise as More People Work From Home
A study published by cybersecurity firm, Proofpoint, shows an increase in email-based phishing attacks used to deliver ransomware over the last few months. According to the report, first-stage deployments of ransomware are reportedly on the rise and have mostly been targeting the United States, France, Germany, Greece, and Italy. The attacks appear to be capitalizing on the influx of people now working from home amid the COVID-19 pandemic. Research additionally indicates that the ransom demands are very low compared to the amounts usually seen in these attacks. Lower than average ransoms A ransomware application called “Mr. Robot” has mostly targeted …
Technology / June 29, 2020
Beware of Fake Ransomware Decryption Tools
As free ransomware decryptor tools begin to enter the market, a wave of fake software that claims to decrypt ransomware-affected files has begun to proliferate. According to a report released by Bleeping Computer on June 5, the creators behind Zorab ransomware released a fake STOP Djvu decryptor. Instead of recovering a victim’s data however, this software appears to encrypt their files further with a second ransomware. When the victim opens one of these tools, the software extracts an executable file called crab.exe. This is the Zorab ransomware itself. Once executed, the tool will encrypt all files present with a .ZRB …
Technology / June 7, 2020
Another Free Ransomware Decryptor Released
Malware lab, Emsisoft, released a free decryptor tool on June 4. The tool enables victims to recover files encrypted by Tycoon ransomware attacks without needing to pay the ransom. Researchers from the BlackBerry’s security unit first discovered the ransomware. They stated in TechCrunch that Tycoon uses a Java file format to make it more difficult to detect before deploying its payload that encrypts the files. How does Tycoon work Speaking with Cointelegraph, Brett Callow, threat analyst of Emsisoft, said: “Tycoon is a Java-based, human-operated ransomware that appears to specifically target smaller enterprises and is typically deployed via an attack on …
Technology / June 6, 2020
Interpol Teams Up With Kaspersky to Declare ‘Anti-Ransomware Day’
International crime-fighting organization, Interpol, joined forces with cybersecurity firm, Kaspersky, to launch a campaign called “Anti-Ransomware Day”. The date is set on the third anniversary of the most significant ransomware attack on record, WannaCry. According to the announcement, the May 12 holiday will raise awareness about the effects of ransom-centric cyberattacks which continue to affect people and businesses all over the world. A study revealed by Kaspersky reported that until October 2019, WannaCry held the title of the most significant ransomware attack ever executed. Companies affected by WannaCry attacks suffered losses averaging $1.46 million. Other expenses affect the targeted companies …
Technology / May 13, 2020
Ransomware Victims Are Fighting Back Against Their Attackers and Winning
The No More Ransom decryption tool repository, an initiative launched by Europol to combat ransomware attacks, has saved individuals $632 million in ransom demands since 2016. According to the announcement published by Europol, the repository is celebrating its fourth anniversary. Over the past four years, the repo has gathered over 4.2 million visitors from 188 countries thanks to a compilation of tools from 163 partners. The initiative’s website lists 100 different tools covering 140 different families of ransomware. Covering a wide range of ransomware decryptors The project’s largest contributor is the malware lab, Emsisoft, which has contributed 54 tools so …
Technology / July 27, 2020