DoppelPaymer and Maze ransomware operators stated that they will hold back from attacking medical organizations during the current coronavirus pandemic. These statements were made in response to an inquiry by Lawrence Abrams of Bleeping Computer.
According to Abrams, he made contact with "the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak."
The DoppelPaymer operators were quick to respond stating that normally they do not attack hospitals or nursing homes and are not going to change this approach during the COVID-19 pandemic.
"We always try to avoid hospitals, nursing homes, if it's some local gov - we always do not touch 911 (only occasionally is possible or due to missconfig in their network) . Not only now," they told Bleeping Computer.
"If we do it by mistake - we'll decrypt for free. But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter ) So if this happens we'll do double, triple check before releasing decrypt for free to such a things. But about pharma - they earns lot of extra on panic nowdays, we have no any wish to support them. While doctors do something, those guys earns."
The Maze operators also responded with “press release” stating that “we also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus”, although they did not say if a free decryptor would be provided in case a healthcare organization gets encrypted by mistake.