Cybercriminals promise that they will stop attacking health organizations during coronavirus outbreak. The cybercrime groups behind two of the most prolific ransomware threats have issued statements that they will not attack healthcare and medical targets during the coronavirus crisis.

Lawrence Abrams, the creator of BleepingComputer, reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako ransomware infections to find out whether they would stop targeting healthcare organizations during this time of dire crisis.

Among the first to respond were the operators of DoppelPaymer, an infamous human-operated ransomware group. They stated that they usually avoid attacking hospitals and nursing homes, and stressed that when they attack governments they don’t touch 911, even though emergency communications are hit due to network misconfigurations. They also stated that if any healthcare organization is hit by mistake, they would decrypt it for free.

The Maze ransomware authors also responded, stating: “We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with the virus.” At the time of writing, no other cybercriminals had issued any statements.

Free Ransomware Help During Coronavirus Outbreak

Emsisoft and Coveware have announced in a blog post that they will offer free help to critical care hospitals and other healthcare providers that are on the front lines of COVID-19 and have been impacted by ransomware.

The services offered will include:

  • Technical analysis of the ransomware.
  • Development of a decryption tool whenever possible.
  • As a last resort, ransom negotiation, transaction handling and recovery assistance, including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.

Unfortunately, some online threat groups and ransomware operators see this as an optimal time to launch attacks on these organizations when they are at their most vulnerable.