As the coronavirus pandemic continues to overwhelm healthcare and medical facilities, another complication has surfaced: the possibility of ransomware attacks, which have been shown to spike during the spring and summer months, according to antimalware vendor Emsisoft.
In anticipation of such attacks, Emsisoft and incident response company Coveware partnered for an initiative to give healthcare providers access to both companies' complete range of ransomware response services at no cost for the duration of the crisis. The aim is to get impacted providers operational again in the shortest possible time so that patient care is minimally disrupted, Emsisoft threat analyst Brett Callow said.
In the event of a ransomware attack, Emsisoft and Coveware will provide services to hospitals and medical facilities that include technical analysis of the ransomware; the development of a decryption tool, if possible; and "as a last resort, ransom negotiation, including transaction handling and recovery assistance including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss," according to a blog post from Emsisoft.
Bill Siegel, CEO of Coveware, cautioned that a ransomware attack on a healthcare organization will still have devastating consequences, regardless of how Emsisoft and Coveware can mitigate it. "Even with our help, it will likely result in unnecessary casualties because of the disruption," Siegel said.
Bracing for ransomware attacks
Emsisoft's blog said, "it is likely that there will be an increase in the number of healthcare providers impacted by ransomware in the coming months and unfortunately this increase may coincide with the peak of the COVID-19 outbreak. Further, the spikes may be more pronounced than in previous years due to security weaknesses resulting from hastily introduced work-from-home arrangements, personal device usage and staffing shortages."
A ransomware attack could hinder response efforts, communications and treatments during the pandemic.
Even prior to the pandemic, healthcare facilities were a common target of ransomware attacks. At least 764 healthcare providers were impacted by ransomware in 2019, according to the Emsisoft report, titled "The State of Ransomware in the U.S.: Report and Statistics 2019."
However, two ransomware gangs, Maze and DoppelPaymer, announced Wednesday they would cease ransomware attacks on medical and healthcare facilities during the COVID-19 pandemic. Despite these promises, the problem persists, according to Callow.
"I saw a medical research company in the U.K. was attacked a couple days ago by a group who steals data and threatens to release it if you don't pay," Callow said, referencing the Maze group.
Siegel said he hopes the promise made by ransomware gangs is genuine.
"It will be interesting to see if Defray/777 ransomware affiliates adhere, as that variant almost exclusively targeted healthcare providers prior to the pandemic," Siegel said.
Since the announcement on Wednesday, no one has yet taken up the free offer, and both Callow and Siegel said they hope no one will need to.