Two leading cybercrime gangs who committed two of the most prolific ransomware threats promised that they will not attack healthcare and medical organizations during the coronavirus crisis. Can we believe this statement? Are they practicing basic ethics towards humanity and showing that being a barrier in human survival is not part of their business? Or are they outright exploiting this outbreak to further their cyber-attacking endeavors?
Lawrence Abrams, the head of BleepingComputer, a computer help and news site, reached out to top cybercrime groups asking, “Will you continue to target health and medical organizations during the COVID-19 pandemic?” Surprisingly, the cybercriminal group behind the DoppelPaymer ransomware threat have replied that they “always try to avoid hospitals, nursing homes” and when targeting local governments, they “do not touch 911,” although they have admitted that they unintentionally hit emergency communications due to network misconfigurations. The cybercriminal group behind the Maze ransomware threat said they are taking the same direction and that they will not attack medical organizations until “the stabilization of the situation with the virus.”
The DopplePaymer group, the human-operated ransomware criminals, reassures basic decency towards human lives. It seems they have drawn moral lines in areas in which they choose to operate and that they have historically taken this stance, not only for this outbreak. They have also conveyed that should they become aware that a medical or healthcare organization gets unintentionally cyber-attacked by them, they will provide a free decrypter code. However, pharmaceutical companies are not included in their “ransomware amnesty.” The group has “no wish to support them” as pharmaceutical companies already “earn a lot of extra on panic.”
The Maze group, however, did not directly reassure whether a decrypter would be given if they unintentionally attacked a healthcare organization.
The decision to not attack critical organizations specifically during a crisis may not come from altruism, however. Ian Thornton-Trump, the CISO at Cyjax, a leading cybersecurity company, noted that law-enforcement response would be overwhelming towards attacks during a time of crisis. He threateningly urged cybercriminals to “shut down operations completely for the duration of the coronavirus pandemic, lest you draw the ire of an angry nation with significant cyber capabilities of their own.”
For cybercriminals, whether having altruism or not, their intention to avoid attacking healthcare organizations is difficult to follow through in actuality as external-facing IP addresses do not necessarily identify whether the targeted organization is in healthcare.
As of yet, other leading cybercrime groups that were reached have not yet responded to their stance and action plan with attacks on healthcare and medical organizations. Jack Moore, a cybersecurity specialist at ESET, reminds that different groups have different levels of ethics and moral consciences.
With the coronavirus pandemic, we get to see that the best of humanity with exercise of altruism and also the worst due to fear and profitmaking greed. During this outbreak and dichotomy of morally conscience and greedy directions derived from human health and safety concerns, it is advised that healthcare and medical companies do not become complacent with their cybersecurity measures.