A medical research company scheduled to test a potential vaccine for the Covid-19 Coronavirus has been hit with ransomware by Maze Team, the very hacking group that, just last week, pledged to stop interfering with entities combating the Coronavirus pandemic.
Maze Team has infected computer systems of Hammersmith Medicines Research (HMR), “publishing personal details of thousands of former patients after the company declined to pay a ransom,” Bill Goodwin reported for ComputerWeekly.com.
HMR is known to have carried out tests to develop the Ebola vaccine and drugs to treat Alzheimer’s disease. It also regularly performs early clinical trials of drugs and vaccines.
Up until last week, it was seeking a cure for the agonizing Coronavirus pandemic. That was until its systems suddenly froze, infected with ransomware – a form of malware that scrambles data on computer systems and doesn’t restore it until a ransom is paid to those commanding the attack.
“HMR said that IT staff discovered a ‘severe attack’ in progress on Saturday 14 March, but were able to halt it and restore its computer systems and email by the end of the day,” Goodwin reports.
“We repelled [the attack] and quickly restored all our functions. There was no downtime,” said Malcolm Boyce, managing and clinical director and doctor at HMR.
Fortunately, the company was able to restore its data – likely from backups isolated from the Internet and adjacent systems. However, the situation is far from encouraging. While HMR managed to dodge this bullet, the healthcare sector in general is an easy target for cybercriminals, as it’s notoriously lacking in cybersecurity safeguards.
The incident reportedly prompted HMR to “beef up” its cyber defenses, with Boyce admitting his company lacked the funds to pay a ransom demand even if it wanted to.
Unlike run-of-the-mill commercial ransomware, Maze authors have meticulously implemented a data theft mechanism to exfiltrate information from compromised systems. This information is used by Maze operatives as leverage, not only for payment, but also to transform an operational issue into a fully-fledged data breach. Bitdefender this week is releasing a whitepaper exposing the shady techniques employed by Maze Team that allow it to perform obfuscation, evasion and exploitation of infrastructures with a large attack surface, such as government agencies, critical infrastructures and healthcare systems.