Ransomware attack hits Champaign-Urbana Public Health District

Champaign-Urbana Public Health District's website was taken down by a ransomware attack, hampering the organization's response efforts amid the Coronavirus pandemic.

The attack, which is attributed to the ransomware variant known as NetWalker, shut down the organization's website, which was providing updates and information on the Coronavirus response efforts. The News-Gazette in Champaign, Ill., first reported the ransomware attack, stating that employees became aware of the attack on Tuesday.

SearchSecurity contacted the Champaign-Urbana Public Health District, but the organization said via its Facebook account that it could not comment, adding that all current information can be found in the News-Gazette article.

Champaign-Urbana Public Health District made updates available on the organization's Facebook page. For those citizens who don't have access to Facebook, an alternative email and phone number were also provided. Late Thursday night, the organization announced via Facebook that its website was back up, though it did not provide any additional information about the attack or the recovery.

On Wednesday, security vendor RiskIQ released an intelligence brief titled, "Ransomware Attacks the Next Consequence of the Coronavirus Outbreak," in which threat researchers assessed "with a moderate-high level of confidence that cybercriminals will leverage the global anxiety surrounding the coronavirus outbreak to execute ransomware attacks."

Their assessment is based on analysis of past ransomware attacks during global pandemics and current phishing campaigns utilizing the Coronavirus. RiskIQ's research suggests victims will be infected with the "AZORult and Emotet varieties of malware."

"Once infected, COVID-19 responders have little recourse," Aaron Inness, protective intelligence analyst at RiskIQ, told SearchSecurity. "If they do not pay the ransom, response downtime and the related healthcare impacts, as well as loss of medical records and other sensitive information could all be impacted."

Ransomware attacks on healthcare facilities, in general, have increased since 2016, according to RiskIQ research.

"Cybercriminals tend to go after direct patient care facilities such as hospitals, healthcare centers, medical practices and health and wellness centers; all likely responders to the COVID-19 pandemic. We expect the upward trend of ransomware attacks on these providers to continue as the COVID-19 pandemic persists," Inness said. "We were able to take the general success rate of phishing in the business environment, which one study estimates to be 27% across all verticals prior to taking phishing awareness training and make approximations on COVID-19-specific phishing emails based on this data."

In times of crisis, threat actors look to take advantage of increased electronic communications, he said.

"Many organizations are sending correspondence with guidance on company policies surrounding the COVID-19 epidemic. This creates an avenue for attackers to send messages masquerading as health-related updates, which may be met with less scrutiny from a recipient," Inness said.