Skip to main content

Hackers With No Conscience And Empathy, Are Targeting To Hit Hospitals With Ransomware Attack During Coronavirus Pandemic.

By Editor


As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers.
The new research, published by Palo Alto Networks, confirmed that "the threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis."
While the security firm didn't name the latest victims, it said a Canadian government healthcare organization and a Canadian medical research university both suffered ransomware attacks, as criminal groups seek to exploit the crisis for financial gain.
The attacks were detected between March 24 and March 26 and were initiated as part of the coronavirus-themed phishing campaigns that have become widespread in recent months.

Palo Alto Networks' disclosure comes as The U.S. Department of Health and Human Services (HHS), biotechnology firm 10x Genomics, Brno University Hospital in the Czech Republic, and Hammersmith Medicines Research have been hit by cyberattacks in the past few weeks.
Delivering Ransomware by Exploiting CVE-2012-0158
According to the researchers, the campaign began with malicious emails sent from a spoofed address mimicking the World Health Organization (noreply@who[.]int) that were sent to a number of individuals associated with the healthcare organization that's actively involved in COVID-19 response efforts.
The email lures contained a rich text format (RTF) document named "20200323-sitrep-63-covid-19.doc," which, when opened, attempted to deliver EDA2 ransomware by exploiting a known buffer overflow vulnerability (CVE-2012-0158) in Microsoft's ListView / TreeView ActiveX controls in MSCOMCTL.OCX library.


              phishing email malware.


"It is interesting to note that even though the file name clearly references a specific date (March 23, 2020), the file name was not updated over the course of the campaign to reflect current dates," Palo Alto Networks researchers noted.
"It is also interesting that the malware authors did not attempt to make their lures appear legitimate in any way; it is clear from the first page of the document that something is amiss."
Upon execution, the ransomware binary contacts the command-and-control (C2) server to download an image that serves as the main ransomware infection notification on the victim's device, and subsequently transmits the host details to create a custom key to encrypt the files on the system's desktop with a ".locked20" extension.
Aside from receiving the key, the infected host uses an HTTP Post request to send the decryption key, encrypted using AES, to the C2 server.
Palo Alto Networks ascertained that the ransomware strain was EDA2 based on the code structure of the binary and the host-based and network-based behaviors of the ransomware. EDA2 and Hidden Tear are considered one of the first open-source ransomware that were created for educational purposes but have since been abused by hackers to pursue their own interests.
A Spike in Ransomware Incidents
The ransomware attacks are a consequence of an increase in other cyberattacks related to the pandemic. They have included a rash of phishing emails that attempt to use the crisis to persuade people to click on links that download malware or ransomware onto their computers.

Furthermore, Check Point Research's Brand Phishing Report for Q1 2020 observed a jump in mobile phishing due to people spending more time on their phones for information related to the outbreak and for work. Attackers were found imitating popular services such as Netflix, Airbnb, and Chase Bank to steal login credentials.
With hospitals under time constraints and pressure due to the ongoing pandemic, hackers are counting on the organizations to pay ransoms to recover access to critical systems and prevent disruption to patient care.
A report released by RisKIQ last week found that ransomware attacks on medical facilities were up 35% between 2016 and 2019, with the average ransom demand being $59,000 across 127 incidents. The cybersecurity firm stated that hackers also favored small hospitals and healthcare centers for reasons ranging from lean security support to increased likelihood of heeding to ransom demands.
The spike in ransomware attacks against the medical sector has prompted Interpol to issue a warning about the threat to member countries.
"Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage, preventing them from accessing vital files and systems until a ransom is paid," the agency said.
To protect the systems from such attacks, Interpol cautioned organizations to watch out for phishing attempts, encrypt sensitive data, and take periodic data backups, aside from storing them offline or on a different network to thwart cybercriminals.

THN

#osutayusuf

Comments

Post a Comment

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

By Editor
📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed
Post a Comment
Read more

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

By Editor
POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.
Post a Comment
Read more

How to Host a Website for Free From Your PC or Laptop.

By Editor
Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c
Post a Comment
Read more