What you need to know
- A number of ransomware operators recently released statements promising to spare healthcare organizations from their attacks during the pandemic.
- Their promises are a mixed bag, though.
- At least one of them has already broken that promise.
With the coronavirus causing everyone to become a shut-in and moving more of their lives online, digital security is more important than ever. And while some are already taking advantage of the chaos to make a quick buck, at least some cyber criminals are following their conscience as we wrestle a global pandemic.
As BleepingComputer reports, some hacker collectives are promising to leave healthcare providers and related infrastructure along during this trying time.
The groups behind Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware have all pledged to do so in their communications with the publication or via statements they've put out. The makers of DoppelPaymer, for example, said the following:
"We always try to avoid hospitals, nursing homes, if it's some local gov - we always do not touch 911 (only occasionally is possible or due to missconfig in their network) . Not only now.
If we do it by mistake - we'll decrypt for free. But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter ) So if this happens we'll do double, triple check before releasing decrypt for free to such a things. But about pharma - they earns lot of extra on panic nowdays, we have no any wish to support them. While doctors do something, those guys earns."
The Maze collective, meanwhile, promised to dial back its efforts during the pandemic: "We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus."
Their promises may be a mixed bag, though, as the collective soon leaked information pertaining to Hammersmith Medicines Research (HMR), a medical firm that may soon be testing vaccines for the coronavirus.
Another group, those behind the Netwalker ransomware, said they would never target hospitals on purpose, but when asked if they would provide free decryption for a hospital that was erroneously targeted, they said, "If someone is encrypted, then he must pay for the decryption."
Meanwhile, private cybersecurity firms like Emsisoft and Coveware are offering free ransomware decryption and negotiation services to healthcare providers in precisely such a predicament.