Maze and DoppelPaymer ransomware suspended attacks on medical organizations

Maze and DoppelPaymer suspended attacks
Written by Emma Davis

Ransomware operators Maze and DoppelPaymer have suspended any attacks on medical facilities during the coronavirus (COVID-19) pandemic.

As DoppelPaymer representatives told BleepingComputer, they usually do not target hospitals or nursing homes and will follow this approach during a pandemic.

We always try to avoid attacks on hospitals and nursing homes. We do not attack 911 services (in very rare cases or because of a network error). Not just now. In case of an error, we decrypt the data for free. However, some companies usually mask themselves as something else – for example, one of the development companies posed as small real estate, and another as a dog shelter. When it comes to pharmaceutical companies, today they earn a lot of money on the wave of the panic, and we do not want to support them. While the doctors are doing something, these guys are making money,” – explained DoppelPaymer operators.

Ransomware continues to be one of the most serious threats that may face various companies and organizations, and ransomware attack methods continue to evolve. Like any criminal gang, teams that introduce cryptographers and ransomware will use current problems to infect victims.

Unfortunately, the coronavirus pandemic was no exception. We have already seen COVID-19 infection spread maps infiltrated by malware and malware domains associated with the pandemic theme. US Attorney Scott Brady warned Internet users and organizations to fear an “unprecedented” wave of coronavirus fraud.

Maze and DoppelPaymer suspended attacks

Lawrence Abrams, creator of BleepingComputer

Lawrence Abrams, creator of BleepingComputer, turned to cybercriminal groups for the actions of some who are watching the web-based publication. Abrams asked a simple question: will you continue to harass medical and medical organizations during the COVID-19 pandemic? And the answers of the operators of two well-known extortionists surprised IB experts. We talked about DoppelPaymer above, and Maze operators reported the cessation of all “activities” against all types of medical organizations until the end of the pandemic.

The Maze actors did not confirm whether a decrypter would be available if healthcare organizations are infected unintentionally”, — reports Forbes magazine.

Nevertheless, security provider Emsisoft, in collaboration with Coveware, announced that they would provide a completely free ransomware recovery service for critical hospitals and other healthcare providers. This includes developing a decryption tool whenever possible.

If this announcement from ransomware operators, also known as cybercriminals, is accurate, it is motivated by self-preservation and not altruism. The last thing cybercriminals want is an APT actor’s offensive capabilities deployed against them”, — Ian Thornton-Trump, CISO at Cyjax, says.

US Attorney Scott Brady did say that law enforcements would harshly respond to incidents involving information security breaches in medical facilities.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply