beebright - stock.adobe.com

Interpol warns of more ransomware attacks against healthcare sector

Purple notice issued to alert police forces around the world of ransomware attacks against hospitals and other healthcare institutions

Interpol has warned of a significant increase in the number of attempted ransomware attacks against hospitals and other healthcare institutions on the front line of the fight against the Covid-19 pandemic.

At this point, the ransomware appears to be spreading primarily via emails – often falsely claiming to contain information or advice about the coronavirus from a government agency, which encourages the recipient to click on an infected link or attachment.

To support global efforts against this critical danger, Interpol has issued a purple notice alerting police in all its 194 member countries to the heightened ransomware threat.

Interpol’s cyber crime threat response team at its Cyber Fusion Centre is also monitoring all cyber threats related to Covid-19, working closely with cyber security companies to gather information and provide support to organisations targeted by ransomware.  

Meanwhile, it is assisting police with investigations into ransomware cases in affected member countries, providing first-hand technical support to help safeguard critical medical infrastructure and analysing cyber crime threat data to help law enforcement agencies mitigate the risks.

It is also collecting a list of suspicious internet domains related to Covid-19 and undertaking further analysis and evaluation, and will work with the relevant countries to take action. 

“As hospitals and medical organisations around the world are working non-stop to preserve the wellbeing of individuals stricken with the coronavirus, they have become targets for ruthless cyber criminals who are looking to make a profit at the expense of sick patients,” said Jürgen Stock, secretary-general of Interpol.   

All criminals will now realise that they have to be part of cyber crime and that means that cyber crime, which wasn’t industrialised before the current situation, will be institutionalised after this is over
Serguei Beloussov, Acronis

“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths. Interpol continues to stand by its member countries and provide any assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them held accountable.” 

Interpol said prevention and mitigation efforts are key to stopping further attacks, particularly for front-line organisations such as hospitals, which face the highest risk.   

In an interview with Computer Weekly, Acronis CEO Serguei Beloussov said that besides phishing and ransomware attacks, the company’s global network of cyber protection operations centres has detected a rise in the number of cryptomining attacks on unattended machines in business facilities that are mostly empty as more workers work from home.

“There have been a lot of requests to create new cryptominers and ransomware on the dark web because people are only protected against the old threats,” said Beloussov. “Just like us, criminals need to make money and their businesses are challenged right now by the outbreak.

“All criminals will now realise they have to be part of cyber crime and that means that cyber crime, which wasn’t industrialised before the current situation, will be institutionalised after this is over.”

In Australia, the number of phishing attacks has been “greatly increasing”, Karl Hanmore, acting head of the Australian Cyber Security Centre, told ABC Radio Sydney on 27 March.

Read more about cyber security in APAC

“If we look at cyber crime activity more broadly, not just this Covid-inspired set of scams, but what the normal sort of harm to the community is looking like, we’re getting people self-reporting about 145 cyber crime incidents to us a day and their self-reported losses are in the order of just under A$1m a day,” he said.

“Now, certainly we’re seeing some upticks in the Covid space and it’s most likely the same cyber criminals just trying to go about their normal day job of stealing from us all.”

Hanmore added that instead of capitalising on a topical media story, criminals are now all coalescing behind Covid-19.

In Singapore, cyber criminals sent out a phishing email purportedly from Singapore prime minister Lee Hsien Loong that provided an update on the Covid-19 situation and encouraged people to respond with their contributions and thoughts to the situation.

The World Health Organization (WHO) was also reportedly targeted by an advanced persistent threat group which set up a fake website spoofing the WHO’s internal email domain to steal credentials.

Read more on Hackers and cybercrime prevention