Dive Brief:
- Hackers behind the Maze ransomware published stolen data from United Kingdom-based medical research firm Hammersmith Medicines Research (HMR), reports Computer Weekly. HMR was on "standby" for developing vaccines for the novel coronavirus outbreak.
- HMR discovered the "severe attack" on March 14. The organization "repelled" the attack and restored its computer systems within the same day, Malcolm Boyce, managing and clinical director and doctor at HMR, told Computer Weekly. However, by March 21, the hackers published files dating back anywhere between eight and 20 years.
- The published data includes information on medical trial volunteers, including proof of identification, medical backgrounds, and the vaccination studies volunteers participated in, Brett Callow, threat analyst at Emsisoft, told CIO Dive in an email.
Dive Insight:
The attackers behind Maze have reinvented ransomware and how its victims deal with ransom payouts.
Callow warns the hackers likely have not published all of the stolen data. The Maze group is publishing "proofs," or small amounts of data, with the expectation of more "staggered" publication to come.
While Maze is known for targeting public entities, the Maze group reportedly called "an amnesty on attacks on medical organizations for the duration" of the coronavirus outbreak, said Callow. "I've since seen them described as Robin Hood-esque."
Forbes collected cybercriminals' responses to the coronavirus pandemic and their likely plan of action. The report, published last week, demonstrates "criminals cannot be trusted — to the surprise of absolutely nobody — and that they should not be given a voice," said Callow.
This isn't the first time the Maze operators have claimed moral integrity. After the hacker group targeted Pensacola, Florida in December, the operators said their malware stopped short of "socially significant services," including "hospitals, cancer centers, maternity hospitals and other socially vital objects."
The ransomware-turned-data-breach method is influencing other hacker groups, such as REvil and DoppelPaymer. DoppelPaymer, which recently targeted a manufacturer for Boeing, Tesla and Lockheed Martin, turns its ransomware attacks into data breaches.