Two ransomware administrators pledge not to attack health organizations during the coronavirus crisis, or decrypt them for free should they have been attacked ‘accidentally’. Two anti-ransomware services are giving free aid to health organizations during the pandemic.
BleepingComputer reached out to several ransomware administrators to ask how they were coping with the Covid-19 pandemic. DoppelPaymer and Maze both responded by saying they will not attack health organizations during the crisis. DoppelPaymer claims that hospitals, care homes, local government services and emergency numbers such as 112 are ‘never’ targets. However, it is possible that such a service is infected ‘accidentally’, for example if the network of such a service is set up incorrectly.
DoppelPaymer claims to decrypt such a service for free. At the same time, the criminals indicate that commercial companies sometimes pretend to be a different kind of company. The administrators cite the example of a company that claimed to be a dog shelter. DoppelPaymer therefore checks whether a health service is really a health service, before they decrypt for free.
Pharmaceutical companies do not fall under the exception, ‘because they make a lot of money in these times of panic’. Health services infected with DoppelPaymer should contact them via email or their Tor webpage, according to the administrators.
Maze wrote in a statement to “stop all activities against all forms of medical organizations until the coronavirus crisis has stabilised.” It is unknown if Maze will help health services accidentally infected with ransomware.
Anti-malware service Emsisoft and ransomware support service Coveware tell BleepingComputer to provide free ransomware decryption and negotiation help for health services during the pandemic. The organizations want to ensure that the impact of such an attack is short-lived and that medical organizations can act again quickly against the corona virus.
Ransomware attacks can severely affect medical organizations. An example of this is the Wana Decrypt0r 2.0 ransomware, which hit several British hospitals in 2017. As a result, the hospitals had to shut down the entire digital infrastructure and only treated emergencies. According to BleepingComputer, the site of the US Department of Health, a health service in the state of Illinois and a university hospital in the Czech Republic were recently hit by ransomware.