Perhaps they want to avoid provoking the white-hot rage of an already wounded public. Or maybe they’ve realized their victims can’t pay. Or, just possibly, some black hats do have a smidgen of ethics. At least in grim times like these.
The Maze Team ransomware gang, infamous for shutting down hospitals and clinics with ransomware, has said it will stop attacking the healthcare sector – at least until the Coronavirus crisis is under control.
Threat actors have shown a hint of sympathy on rare occasions in the past. In 2018, for example, the infamous GandCrab ransomware operators decided to avoid hacks on Syrian ground, and to help victims recover their files in the war-torn country.
However, ruthlessness is the norm.
Last week, a major hospital in the Czech Republic, which served as a COVID-19 testing facility, ground to a halt after its systems were locked down with ransomware. It is unclear if the malware used was the one commanded by the Maze Team, but it could have been, considering the team’s aggressive global campaign against major industries, including the medical sector.
In a move that generates a guarded sigh of relief along with healthy skepticism, Maze Team this week announced it will dial down its malice during the Coronavirus pandemic, offering discounts for some victims while completely halting targeted attacks against the healthcare industry.
A screen capture of the team’s ‘press release’ obtained by Databreaches.net (reproduced above) reveals that Maze promises to reduce its ransom demands and provide the decryptor to its “partners” (read victims), as well as delete any stolen data, “in case of agreement.”
“The offer applies to both new parties and the archived ones,” reads the announcement. “We are always open for cooperation and communication.”
As for the healthcare industry, Maze Team had this to say:
“We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus.”