Generic selectors
Exact matches only
Search in title
Search in content
Facebook Fanpage
Twitter Feed
621 Following
Apple Says iMessage on Android ‘Will Hurt Us More Than Help Us’ https://t.co/1JrQAYndLJ via @techbooky https://t.co/PmmgOT9FQX
Samsung’s Prototyped Galaxy OS Exclusively Entices iPhone Users — A Game Over As scheme https://t.co/kY2kbGRFLI via… https://t.co/nw6hKbzrAz
YouTube’s Parents Company, Google Updates Its Ads Policy https://t.co/6BUfBRxzjN via @techbooky https://t.co/QIlb2B1hNn
Sony Pictures Replace Starz With Netflix Streaming Services https://t.co/088Phu6YOf via @techbooky https://t.co/MxwBtVusbw
The Recent Facebook Outage also Affected Instagram But Not WhatsApp https://t.co/A7xgpP1CHJ via @techbooky https://t.co/JaN4o8LMae
Browse By Categories

Coronavirus: Ransomware Groups To Stop Attacking Health Institutions


Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

Last night, BleepingComputer reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak.

DoppelPaymer Ransomware

DoppelPaymer was the first to respond and stated that they do not normally target hospitals or nursing homes and will continue this approach during the pandemic.

“We always try to avoid hospitals, nursing homes, if it’s some local gov – we always do not touch 911 (only occasionally is possible or due to missconfig in their network) . Not only now.

If we  do it by mistake – we’ll decrypt for free. But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter ) So if this happens we’ll do double, triple check before releasing decrypt for free to such a things. But about pharma – they earns lot of extra on panic nowdays, we have no any wish to support them. While doctors do something, those guys earns.”

When asked what happens if a medical organization gets encrypted, we were told that a victim should contact them on their email or Tor webpage to provide proof and get a decryptor.

Maze Ransomware

Today, the Maze operators responded to my questions by posting a “Press Release” that also states that they will stop all “activity” against all kinds of medical organizations until the end of the pandemic.

“We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus.”

Security companies offer free help

For now, if any organizations get encrypted, both Emsisoft and Coveware announced today that they would be offering their ransomware services for free to healthcare organizations during the pandemic.

This includes the following:

  • Technical analysis of the ransomware.
  • Development of a decryption tool whenever possible.
  • As a last resort ransom negotiation, transaction handling and recovery assistance, including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.

While this help is greatly appreciated, I hope other ransomware operators will stop targeting healthcare organizations after reading this article so that it is not needed.

As this is a global epidemic, anyone could become sick with this virus, including the ransomware operator’s loved ones.

Right now healthcare workers need to focus on helping people, not decrypting their files.



This article first appeared in BleepingComputer and here’s a link to the original article. 

Previous Post

Coronavirus: Netflix Is Reducing Streaming Quality In Europe To Prevent A Collapse

Next Post

As Facebook Launches The COVID-19 Information Centre, Resources May Be Stretched Too

Related Posts

Subscribe Our Newsletter


Never miss an important Tech news again

HTML Snippets Powered By : XYZScripts.com