Although more cybercriminals have been capitalizing on coronavirus fears, at least some ransomware gangs say they will forgo targeting healthcare facilities during the COVID-19 crisis.
BleepingComputer reached out to operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker and AKO Ransomware infections to see if they would continue attacking health and medical organizations during the pandemic.
DoppelPayer told BleepingComputer that they don’t normally target hospitals or nursing homes and will continue to abstain from this practice during the coronavirus. They also said that if they do so on accident, they’ll decrypt for free. Their decision, however, doesn’t apply to pharmaceutical companies.
Maze ransomware has also agreed to stop attacking medical organizations during the pandemic.
For healthcare organizations that do get encrypted, two software security companies — Emsisoft and Coveware — are offering to provide their ransomware services for free to healthcare facilities during the coronavirus outbreak. The services include:
- Technical analysis of the ransomware.
- Development of a decryption tool whenever possible.
- As a last resort ransom negotiation, transaction handling and recovery assistance, including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.
Ransomware has been plaguing the healthcare sector for several years now, and it is one of the sectors that is most frequently targeted by cybercriminals. Since third quarter 2016, more than 93% of all healthcare organizations have experienced a data breach, and 57% of those had more than five data breaches during the same time period. More than 300 million records have been stolen since 2015, affecting about one in every 10 patients.