19 March 2020

Leading ransomware gangs promise to stop attacks on medical entities during COVID-19 pandemic


Leading ransomware gangs promise to stop attacks on medical entities during COVID-19 pandemic

DoppelPaymer and Maze ransomware operators stated that they will hold back from attacking medical organizations during the current coronavirus pandemic. These statements were made in response to an inquiry by Lawrence Abrams of Bleeping Computer.

According to Abrams, he made contact with "the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak."

The DoppelPaymer operators were quick to respond stating that normally they do not attack hospitals or nursing homes and are not going to change this approach during the COVID-19 pandemic.

"We always try to avoid hospitals, nursing homes, if it's some local gov - we always do not touch 911 (only occasionally is possible or due to missconfig in their network) . Not only now," they told Bleeping Computer.

"If we do it by mistake - we'll decrypt for free. But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter ) So if this happens we'll do double, triple check before releasing decrypt for free to such a things. But about pharma - they earns lot of extra on panic nowdays, we have no any wish to support them. While doctors do something, those guys earns."

The Maze operators also responded with “press release” stating that “we also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus”, although they did not say if a free decryptor would be provided in case a healthcare organization gets encrypted by mistake.

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024