Cybercriminals have been capitalizing on coronavirus (COVID-19) fears to spread malware either through infected coronavirus distribution maps or by demanding ransom through malicious Android app by locking users out of their devices.
Ironically, hackers aren’t even sparing health organizations who are not only treating affected coronavirus patients but are also serving as the frontline virus-testing center.
Recently, a group of hackers known as ‘Maze’ compromised the infrastructure of Hammersmith Medicines Research (HMR), a UK-based research team on standby for developing a COVID-19 vaccine.
For those unaware, HMR performs early medical trials of medication and vaccines and has previously researched and developed an Ebola vaccine and drugs for Alzheimer’s disease.
Maze hackers stole sensitive data on medical trial volunteers, including identification documents, medical background, and the vaccination studies volunteers were put through and posted these details after the research firm declined to pay the ransom demand.
HMR discovered the “severe attack” on 14th March during which the firm’s security team was able to quickly detect and repel the attack, and restored its computer systems within the same day.
“We repelled [the attack] and quickly restored all our functions. There was no downtime,” Malcolm Boyce told ComputerWeekly, Managing and Clinical Director, and Doctor at HMR.
According to Boyce, the hackers sent them breached information of more than 2,300 patients that dated back anywhere between 8 to 20 years, and included copies of their passports, driving licenses, medical questionnaires, and national insurance numbers.
The main intention of the hacking group was to prove and let the research firm know that they had accessed the company’s sensitive data along with a ransom demand.
“We have no intention of paying. I would rather go out of business than pay a ransom to these people,” added Boyce.
After the attack on HMR, the Maze ransomware group made a public promise that they would stop attacking medical organizations until “the stabilization of the situation with the virus.” However, it warns of more attacks in the future and blamed companies who are earning billions of dollars from the internet but are not bothered about security or privacy.
Meanwhile, HMR data previously published on the hacker’s website is now no longer available, reports ComputerWeekly.
“Note that, since the ComputerWeekly report ran, the data stolen from HMR has been ‘temporarily removed’ from the criminals’ website. […] But here’s the problem. Other criminals download the data posted on these leak sites and use it for their own purposes.”
Amidst all these, several computer security companies, including Emsisoft and McAfee, have offered to provide their ransomware services for free to help medical research companies as well as hospitals fighting ransomware attacks amid the Covid-19 outbreak.