As if hospitals around the world didn’t have enough to deal with during the COVID-19 pandemic, in early April Interpol warned healthcare institutions about an increased ransomware threat. It said it had “detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”
The pandemic is something of a perfect storm for cyber criminals. Targeting tired, overworked healthcare professionals with emails purporting to contain important updates about coronavirus is a particularly nasty and cynical piece of social engineering. And if a ransomware attack takes place, hospitals are put in a situation where lack of access to their data and systems could very literally result in people dying. Not to mention a lack of trust in a time when people need to rely on medical care.
In recent years ransomware attacks have shifted from individuals to public organisations and enterprises. We are seeing the same trend in South Africa, with the high profile attacks on City Power, Johannesburg’s electrical utility, and the City of Johannesburg in 2019, and more recently an attack on the stolen vehicle recovery company, Tracker.
To get an overview of recent ransomware developments, we rounded up our partner, Acronis’s coverage of ransomware as a useful reference:
Ryuk Ransomware Strikes Again: Second Outbreak Hits Louisiana (And, according to this article, Ryuk has targeted hospitals in the US since the outbreak of COVID-19.)
Most recently, Acronis alerted us to new ransomware that has emerged in Europe, called CoronaVirus. Attackers distribute the ransomware through a fake website pretending to promote WiseCleaner, system optimisation software.
Acronis’s existing AI-powered Acronis Active Protection defence, which is included in all its cyber protection solutions, successfully stopped more than 400,000 ransomware attacks last year, preventing an estimated $200 million in damages. And with the launch of Acronis Cyber Protect Cloud this month, combined traditional data protection and classic cyber security services are going to address all five pillars of cyber protection: Safety, Accessibility, Privacy, Authenticity, and Security. This results in a two-pronged approach: use AI to knock down ransomware and other attacks before they have a chance to take root, and if something somehow gets past those defences, recover any compromised data from a recent backup.
Written for publication on the Synapsys website on 15 April 2020