Anyone who’s shocked as bitcoin-seeking cyberthieves target hospitals with ransomware during the COVID-19 pandemic should remember that scams targeting another viral plague—HIV/AIDS—show no sign of abating after nearly four decades.
Indeed, that is exactly what’s happening, according to blockchain analysis firm Chainalysis, which released a report on April 14 titled, “Ransomware attackers aren’t sparing anyone during COVID-19.”
Despite that grim title, Chainalysis actually found that hospitals and medical providers don’t seem to be getting attacked more frequently. The problem is that they were already high on the list of ransomware targets, and that isn’t changing.
Chainalysis quoted Bill Seigel, CEO of ransomware incident response firm Coveware saying that was has changed is the impact of these attacks, which generally encrypt computer systems and data, demanding payment in bitcoin for the key codes to unlock them.
“I haven’t seen a major material increase in attacks. Healthcare providers remain a frequent target, but the stakes are much higher now,” he said. “More people will probably care if a big hospital is attacked and patient care is impacted, but criminals don’t seem to care.”
More attacks coming
Unfortunately, Chainalysis’ assessment about the frequency of healthcare-focused ransomware attacks during the coronavirus outbreak isn’t shared by other cybersecurity experts and law enforcement agencies.
On April 16, the Wall Street Journal [subscription required] cited Interpol’s director of cybercrime saying that the agency “has seen a significant increase in attempted attacks this month on organizations and infrastructure involved in coronavirus response efforts.”
Hospitals from Illinois to the Czech Republic have been hit recently, it added. In March, the Champaign-Urbana Public Health District, about two hours south of Chicago, paid $350,000 to unlock its computers. Around the same time, Brno University Hospital, a major Czech medical center, was paralyzed for days by a similar attack, forcing ambulances to be rerouted and patients transferred.
It found “assaults on healthcare facilities are up 35% between 2016 and 2019,” according to the research brief.
Targeting the weak
Nor is the fact that hospitals are so overwhelmed with COVID-19 victims that they can afford the temporary loss of patient data and ability to communicate even less than usual the only problem.
It is that hospitals and other healthcare facilities’ defenses are weaker now. RiskIQ noted that many medical facilities’ support and IT staffs are working from home, making it harder to protect systems with tools like firewalls and network monitoring no longer usable.
More than 90% of these attacks target direct patient care facilities, notably hospitals and healthcare center (51%) and medical practices (24%), and health and wellness centers (17%), the company said.
Beyond that, 70% of the ransomware attacks were on small facilities—with fewer than 500 employees—”likely due to their lean security support” staffs, RiskIQ added.
Worse, it also cited a March Wall Street Journal article that found decryption keys were totally effective at restoring data less than half the time.
Coronavirus slams crypto scams
It’s also worth noting that according to a report Chainalysis issued four days earlier, on April 10, cryptocurrency scammers are turning to coronavirus-related concerns for “new narratives with which to ‘pitch’ their victims, usually over email.”
Phishing scams are asking for donations by claiming to be from groups fighting COVID19, such as the U.S. Centers for Disease Control and Prevention (CDC). And blackmail scams now contain threats to spread COVID-19 if payment is not made.
Furthermore, the April 10 Chainalysis report also found that revenues from more traditional cryptocurrency scams, such as investment and Ponzi schemes, have been slammed by coronavirus. Takings are down a third since March, it found. That makes COVID-19 an even more inviting target.