Security Advisories

Cybercriminals targeting critical healthcare institutions with ransomware (COVID-19)

Summary

Hospitals and other institutions that are working as the first line of defence in the fight against the coronavirus (COVID-19) are facing a threat from cybercriminals. They have become targets of ransomware attacks, which are designed to lock them out of their critical systems to extort a ransom.

INTERPOL’s Cybercrime Threat Response team at its Cyber Fusion Centre has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response. Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage, preventing them from accessing vital files and systems until a ransom is paid.

Analysis

The ransomware appears to be spreading primarily via emails – often falsely claiming to contain information or advice regarding the coronavirus from a government agency, which encourages the recipient to click on an infected link or attachment.

In this regard, prevention and mitigation efforts are key to stopping further attacks, particularly for frontline organizations like hospitals which are facing the highest risk.

To minimize the risk of disruption in the event a ransomware attack does occur, hospitals and healthcare companies should ensure all their hardware and software are regularly kept up to date. They should also implement strong safety measures like backing up all essential files and storing these separately from their main systems.

Protection

There are several steps hospitals and others can take to protect their systems from a ransomware attack:

  • Only open emails or download software/applications from trusted sources;
  • Do not click on links or open attachments in emails which you were not expecting to receive, or which come from an unknown sender;
  • Secure email systems to protect from spam which could be infected;
  • Back up all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive);
  • Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running;
  • Use strong, unique passwords for all systems, and update them regularly;
  • If possible, employ Security Operations Center services (SIEM, SOAR, TI, etc.).


Ref: Interpol media release of 4th April, 2020