As hospitals around the world struggle to respond to the COVID-19 crisis, ransomware presents a serious risk to their ability to provide urgent care are to the critically ill. In 2019, at least 764 healthcare providers were impacted by ransomware. Without a global pandemic, a ransomware attack on a critical care facility can cause grave danger to patients. With COVID-19, a ransomware attack on an overwhelmed hospital could tip the balance and result in a significant loss of life.
We’re here to help
In partnership with incident response company Coveware, we will be offering completely free help to critical care hospitals and other healthcare providers that are on the front lines of COVID-19 and have been impacted by ransomware. Subject to our own capacity, we aim to provide this service for the duration of the crisis to healthcare providers anywhere in the world.
The services offered will include:
- Technical analysis of the ransomware.
- Development of a decryption tool whenever possible.
- As a last resort ransom negotiation, transaction handling and recovery assistance, including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.
Ransomware attacks are likely to spike in the coming weeks
Ransomware has a seasonal aspect with the number of incidents spiking during the spring and the summer months.
Whether these spikes are due to increases in the number of attacks or organizations being more susceptible to attacks at certain times of year is not clear. However, in either case, it is likely that there will be an increase in the number of healthcare providers impacted by ransomware in the coming months and, unfortunately, this increase may coincide with the peak of the COVID-19 outbreak. Further, the spikes may be more pronounced than in previous years due to security weaknesses resulting from hastily introduced work-from-home arrangements, personal device usage and staffing shortages.
In short, we may be looking at a near-perfect storm in which healthcare providers are disrupted at the very time they are needed the most.
A note to ransomware groups
While we will never condone criminal behavior, we understand why financially motivated cybercrime exists. We also know you are humans, and that your own family and loved ones may find themselves in need of urgent medical care. Make no mistake, an attack on a healthcare organization will have negative outcomes and may result in the loss of life. We ask for your empathy and cooperation. Please do not target healthcare providers during the coming months and, if you target one unintentionally, please provide them with the decryption key at no cost as soon as you possibly can. We’re all in this together, right?
A note to security companies and professionals
Got expertise? Got some free time? Willing to assist with this initiative? Shoot us an email at volunteer@emsisoft.com. We’d love your help.
A note to other organizations that may be affected by ransomware during these trying times
It breaks our hearts not to be able to extend a helping hand to everyone. We are all in the same boat together. Our priority at this time is to ensure we have the capacity to assist the healthcare organizations helping save the lives of COVID-19 patients. If we find the capacity to extend this offer to other industries, we will update this post and provide further guidance. Until then, please hunker down and stay safe.