A medical facility on standby to help test any COVID-19 vaccine has been recently hit by a ransomware group that promised not to target medical organizations.
The criminals behind the maze ransomware attacks have struck once again, stealing data from a victim and then publishing it on an online platform to get them to pay the ransom demanded.
However, the Maze threat actors were the leading cybercrime gangs which pledged not to attack healthcare and medical targets just days ago.
Their new victim is Hammersmith Medicines Research, A British company that recently tested the Ebola vaccine and is on standby to perform the medical trials on any Coronavirus vaccine.
Maze Group Publishes Patient Data Online to “Encourage” Payment
The clinical director of Hammersmith medicines research, Mr. Malcolm Boyce told Computer Weekly that cyberattack, which took place on 14th March, was placed in progress, stopped, and systems restored without paying any ransom.
He said that “We repelled the attack and quickly restored all our functions”, this was absolutely before Maze announced on 18th March that it might no longer target medical organizations. However, this pledge has not stopped it from continuing in attempts to extort them.
The attackers have recently managed to exfiltrate data, in this case, patient records, and have published some of them online.
Malcolm Boyce told the computer weekly that the hackers had sent Hammersmith Medicines Research sample files containing details of individuals who participated in testing trails b/w eight and 20 years already.
The attacker then published samples of data on the dark web, I have seen the posting from the Maze group that adds Hammersmith Medicines Research as a brand new client which is how it describes victims of its attacks.
Free Help for Health Care Ransomware Victims
However, What happens next? “The criminals almost certainly haven’t yet published all the data that was stolen,” A threat analyst at Emsisoft, Mr. Brett Callow says that “Their modus operandi is to first name the companies they’ve hit on their website and if that doesn’t convince them to pay, to publish a small of the amount of their data, which is the stage this incident appears to be at with so-colled proofs,”
He says “Should the company still not pay,” he added, “More data is published, sometimes on a staggered basis, to ramp up the pressure on the company.”
Suppose if this pressure doesn’t prove enough, there have been previous cases where data is posted to notorious Russian cybercrime forums informing the recipients to use it in any way they wish.
“The threat level is the same as ever, perhaps even higher,” Callow warns, “and ransomware groups should not be provided with a platform that enables them to downplay that fact.”
At the time, Emsisoft is offering to help any hospitals and healthcare providers hit by ransomware free of charge.