Ransomware operates decide not to attack health org during pandemic
Our team reached out some ransomware operators last night to ask whether they continue targeting heath and medical organizations during the outbreak. They stated in negative saying no, they will no longer target the said organizations during the pandemic Coronavirus (COVID-19).
DoppelPaymer was the first who responded to this they will not target the hospitals or nursing homes during the pandemic (however, it is their casual approach to not target these organizations):
“We always try to avoid hospitals, nursing homes, if it’s some local gov – we always do not touch 911 (only occasionally is possible or due to missconfig in their network) . Not only now.
If we do it by mistake – we’ll decrypt for free. But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter ) So if this happens we’ll do double, triple check before releasing decrypt for free to such a things. But about pharma – they earns lot of extra on panic nowdays, we have no any wish to support them. While doctors do something, those guys earns.”
Also, they told that the victim can contact them on their email or Tor web page to provide proof and get a decryptor in case a medical organization gets encrypted.
Maze operators responded to this query in a press release that they will stop all activity against all kinds of medical organizations till the end of the pandemic:
“We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus.”
However, we did get any respond whether they would provide free decryptor for the victim the same way the DoppelPaymer Ransomware operators claimed to do so.
Security companies tried to putted their effort as well as. The companies like Emsisoft and Coveware now would offer free services for the healthcare organization during the pandemic. The organizations can get the following benefits from the security companies:
- Ransomware tech analysis
- Decryption tool development, if possible
- Data decryption service with a custom tool that will recover the data faster with the less change of data loss
Such helps should greatly be appreciated.