Microsoft Helps Hospitals Fight Ransomware Amid Coronavirus Pandemic

Published at: April 7, 2020

Global computing conglomerate Microsoft is notifying hospitals that are vulnerable to ransomware attacks to help prevent healthcare institutions from becoming overwhelmed amid the COVID-19 pandemic.

The firm also published recommendations to hospitals for securing their systems and preventing ransomware attacks on April 1.

Through the company’s network of threat intelligence analysts, Microsoft states that it “identified several dozens of hospitals” with vulnerable virtual private networks and other public-facing gateway applications in their systems: 

“During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare.”

The document cites REvil as an egregious offender of targeting hospitals during the coronavirus crisis, while Cointelegraph has covered the recent prevalence of Ryuk attacks targeting healthcare organizations struggling amid the pandemic.

Hospitals encouraged to engage opsec specialists

Microsoft distributed “first-of-its-kind” targeted notifications to the hospitals containing “important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits.”

Hospitals were recommended to ensure regular updates for VPN and firewall configurations, greater monitoring of remote access infrastructure, and strengthened protocols for responding to breaches.

They are advised to seek greater engagement with operational security professionals and to schedule regular audits. 

Microsoft is also participating in the "Tech Against Corona" initiative alongside roughly a dozen tech companies to freely provide technology to the Dutch government to fight coronavirus — which includes efforts to help hospitals fight ransomware.

Maze and DoppelPaymer pledge not to attack hospitals

Some ransomware and darknet marketplace operators have taken a rare moral stance amid COVID-19. 

The operators of both Maze and DoppelPaymer have claimed that they will not launch ransomware attacks targeting hospitals during the pandemic.

Anonymous free-market Monopoly has also announced it will permanently ban all vendors caught using COVID-19 as a “marketing tool” — including selling purported coronavirus treatments, facemasks and toilet paper.

Dark web analysis firm Digital Shadows also found that the darknet community has exhibited “atypical” behavior in recent weeks, such as “discouraging other users from profiting off the pandemic, and “providing health and safety information.”

Tags
Technology
Coronavirus
Ransomware
Microsoft
Vpn
Related Posts
Bitcoin Ransomware and Remote Working: What the Future Holds
The new work-from-home culture is gaining more traction than ever before as businesses, government departments and schools try to remain afloat while flattening the pandemic curve. This migration to remote working is a double-edged sword that creates a fertile land for cybercriminals to thrive on. There is no way that cyberattacks can be eliminated completely. The best that companies can do is minimize the frequency of the threats. What is ransomware? Cybercriminals use malicious software code to block people or organizations from accessing their computer systems until a ransom has been paid. Cryptocurrencies such as Bitcoin (BTC) have made it …
Technology / Aug. 21, 2020
Ransomware Targets Outdated Microsoft Excel Macros to Deploy Attacks
Microsoft Security Intelligence alerted users to a type of ransomware, called Avaddon, that uses Excel 4.0 macros to distribute malicious emails. These emails contain attachments which deploy an attack when opened in any version of Excel. Avaddon ransomware emerged in early June through a massive spam campaign that randomly targeted its victims. Some patterns seem to indicate that the ransomware mostly targets Italian users. Impersonating Italian officials As BleepingComputer reports, the attackers behind the ransomware are recruiting “affiliates” to spread the payload. According to their analysis, Avaddon’s average ransom amount is around $900, paid in crypto. The attack commonly impersonates …
Technology / July 3, 2020
Ransomware Attacks Are Way Down in the Midst of COVID-19
An April 21 report by malware lab Emsisoft showed that there was a significant drop in the number of successful ransomware attacks on the US public sector during Q1 2020. The findings show a total of 89 organizations were victims of ransomware in the first quarter of the year. And as the COVID-19 crisis deepened, successful attacks fell even lower, to levels "not seen in several years." Government entities were attacked less frequently, with those numbers going down from 19 in January to just seven in March. The same was mostly true for education: ten successful attacks in January, 14 …
Technology / April 21, 2020
Baseline Developers Propose DTL-Based Coronavirus Contact Tracing
Developers working on Baseline, an enterprise smart contract and tokenization platform developed by Microsoft, Ernst & Young, and ConsenSys, are working to solve several flaws identified with Apple and Google’s proposal for coronavirus tracking initiatives. Google and Apple propose a contact tracing solution that would add cross-platform APIs that allow health authorities to monitor users. Both brands have discussed rolling out related software updates next month. The plan suggests using a phone’s Bluetooth Low Energy to detect other devices within 30 feet of each other. This would allow infected individuals to be identified through proximity detection. For people who come …
Technology / April 17, 2020
IT Firm Helps Healthcare Providers Fight Crypto Ransomware Amid Coronavirus
As the novel coronavirus crisis continues, a cybersecurity firm has started offering free help to healthcare providers that fall victim to cryptocurrency-demanding ransomware. According to an announcement on March 18, cybersecurity firm Emsisoft partnered with incident response company Coveware to allow free access to ransomware-related services at no cost to healthcare providers. The initiative aims to get the impacted organizations operational in the shortest time possible to reduce the impact on patient care to a minimum. “A perfect storm” According to the firm, ransomware attacks have a seasonal aspect with the number of incidents spiking during the spring and summer …
Technology / March 19, 2020