Skip to main content

Hackers With No Conscience And Empathy, Are Targeting To Hit Hospitals With Ransomware Attack During Coronavirus Pandemic.



As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers.
The new research, published by Palo Alto Networks, confirmed that "the threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis."
While the security firm didn't name the latest victims, it said a Canadian government healthcare organization and a Canadian medical research university both suffered ransomware attacks, as criminal groups seek to exploit the crisis for financial gain.
The attacks were detected between March 24 and March 26 and were initiated as part of the coronavirus-themed phishing campaigns that have become widespread in recent months.

Palo Alto Networks' disclosure comes as The U.S. Department of Health and Human Services (HHS), biotechnology firm 10x Genomics, Brno University Hospital in the Czech Republic, and Hammersmith Medicines Research have been hit by cyberattacks in the past few weeks.
Delivering Ransomware by Exploiting CVE-2012-0158
According to the researchers, the campaign began with malicious emails sent from a spoofed address mimicking the World Health Organization (noreply@who[.]int) that were sent to a number of individuals associated with the healthcare organization that's actively involved in COVID-19 response efforts.
The email lures contained a rich text format (RTF) document named "20200323-sitrep-63-covid-19.doc," which, when opened, attempted to deliver EDA2 ransomware by exploiting a known buffer overflow vulnerability (CVE-2012-0158) in Microsoft's ListView / TreeView ActiveX controls in MSCOMCTL.OCX library.






              phishing email malware.


"It is interesting to note that even though the file name clearly references a specific date (March 23, 2020), the file name was not updated over the course of the campaign to reflect current dates," Palo Alto Networks researchers noted.
"It is also interesting that the malware authors did not attempt to make their lures appear legitimate in any way; it is clear from the first page of the document that something is amiss."
Upon execution, the ransomware binary contacts the command-and-control (C2) server to download an image that serves as the main ransomware infection notification on the victim's device, and subsequently transmits the host details to create a custom key to encrypt the files on the system's desktop with a ".locked20" extension.
Aside from receiving the key, the infected host uses an HTTP Post request to send the decryption key, encrypted using AES, to the C2 server.
Palo Alto Networks ascertained that the ransomware strain was EDA2 based on the code structure of the binary and the host-based and network-based behaviors of the ransomware. EDA2 and Hidden Tear are considered one of the first open-source ransomware that were created for educational purposes but have since been abused by hackers to pursue their own interests.
A Spike in Ransomware Incidents
The ransomware attacks are a consequence of an increase in other cyberattacks related to the pandemic. They have included a rash of phishing emails that attempt to use the crisis to persuade people to click on links that download malware or ransomware onto their computers.

Furthermore, Check Point Research's Brand Phishing Report for Q1 2020 observed a jump in mobile phishing due to people spending more time on their phones for information related to the outbreak and for work. Attackers were found imitating popular services such as Netflix, Airbnb, and Chase Bank to steal login credentials.
With hospitals under time constraints and pressure due to the ongoing pandemic, hackers are counting on the organizations to pay ransoms to recover access to critical systems and prevent disruption to patient care.
A report released by RisKIQ last week found that ransomware attacks on medical facilities were up 35% between 2016 and 2019, with the average ransom demand being $59,000 across 127 incidents. The cybersecurity firm stated that hackers also favored small hospitals and healthcare centers for reasons ranging from lean security support to increased likelihood of heeding to ransom demands.
The spike in ransomware attacks against the medical sector has prompted Interpol to issue a warning about the threat to member countries.
"Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage, preventing them from accessing vital files and systems until a ransom is paid," the agency said.
To protect the systems from such attacks, Interpol cautioned organizations to watch out for phishing attempts, encrypt sensitive data, and take periodic data backups, aside from storing them offline or on a different network to thwart cybercriminals.

THN

#osutayusuf

Comments

Post a Comment

Popular posts from this blog

Ambassador Angualia Richard Perished in a Fatal Accident.

Story by Osuta Yusuf. Arua City. 29-7-2025. 📸: Portrait of Ambassador Angualia Richard. Courtesy Photo. Former Uganda's Ambassador to Egypt, Ambassador Angualia Louis Richard has been reported dead this evening 5pm 28-7-2025 after he was involved in a head-on collision accident with another motorcycle rider near Abi Farm, Ayivu East Constituency in Arua City. 📸: Photos from the scene of the Accident. Courtesy Photos. He met his death this evening while riding on a Bajaj Motorcycle. Amb. Angualia, who contested in 2011 for Maracha County but lost to Hon Alex Onzima Adrooa. In 2016 when two Constituencies were created in Maracha District, carving Maracha Constituency and Maracha East constituency, Ambassador Angualia contested for Maracha Constituency MP position in 2016 but lost to Hon Oguzu Lee Denis. Ambassador Angualia later shifted to contest in Maracha East Constituency but again lost to Hon Ruth Lematia Molly Ondoru during the 4-September-2020...
1 comment
Read more

Lab Student Drowned, Body Missing in Rokoze Lake in Nyadri Sub-county, Maracha District.

Maracha District.  5-December-2025. 📸: Residents gathered around the lake as they searched the missing body of the student. Photo by #Information_is_Power's news reporter.  This afternoon Friday 5-December-2025, a student from St Joseph Laboratory Training School in Maracha hospital, a one  Araku Denis drowned in Rokoze water body in Nyadri Sub-county and the  body has not been retrieved upto this night as the police and residents searched for it and in vain but they are expected to resume retrieving it tomorrow Saturday 6-December-2025. 📸: Photo of the deceased which we captured on his phone screen this night. Araku and his fellow students had  reportedly gone to pass time at water point after completing exams papers of today. Him and callagues got attracted to swimming at water body where he perished.  By press time, efforts to retrieve his body proved futile as the body remains invisible on water surface.  Rokoze water body...
Post a Comment
Read more

Surgeons fined $60,000 and banned permanently from profession after billionaire died during penis enlargement surgery.

Surgeons have been banned from practicing plastic surgery after a billionaire patient died during a penis enlargement procedure. Belgian-Israeli diamond dealer Ehud Arye Laniado, 65, died of a heart attack during the procedure to enlarge his penis at the Saint-Honore-Ponthieu aesthetic clinic in Paris. His star surgeon, known as Guy H, was known for operating on wealthy clients and he treated Ehud two to four times a year in procedures costing tens of thousands of euros. Wealthy Omega Diamonds owner Ehud would be operated on out of office hours. He had been having injections into his penis to make it appear larger. An investigation was swiftly opened into potential manslaughter chargers following his death, though it soon shifted to charges of failing to assist a person in danger, drug offences and practicing medicine without a licence. A Paris court on Wednesday suspended Guy H's licence and sentenced him to 15 months behind bars. His surgeon, who had been...
Post a Comment
Read more