Hackers Steal And Publish Medical Data On Coronavirus
Black hat hacker group Maze has infected the infrastructure of a medical firm researching coronavirus with ransomware and has now published sensitive data regarding the pandemic.
Cybersecurity firm Emsisoft told Cointelegraph on March 23 that the Maze group’s hackers compromised the United Kingdom medical firm Hammersmith Medicine Research. The published data includes sensitive information on medical test volunteers, such as ID documents like passports, medical background and details of the tests. Emsisoft threat analyst Brett Callow said:
“Note that, since the ComputerWeekly report ran, the data stolen from HMR has been ‘temporarily removed’ from the criminals’ website. […] But here’s the problem. Other criminals download the data posted on these leak sites and use it for their own purposes.”
Callow told Cointelegraph that he does not know how high the ransom demanded was. Still, he pointed out that the group has previously asked for about $1 million in Bitcoin for restoring access to the data and another $1 million in BTC to delete their copy and stop publishing it.
As Cointelegraph reported in early February, Maze also compromised five United States law firms and demanded two 100-Bitcoin ransoms in exchange for restoring data and deleting their copy. Callow said that ransomware groups nearly always request to be paid in Bitcoin:
“99% of ransom demands are in Bitcoin and, to date, it has been the Maze group’s currency of choice.”
In previous incidents, Maze also published stolen data on Russian cybercrime forums with the recommendation to “Use this information in any nefarious ways that you want.” Callow also criticized “a not inconsiderable number of publications” that recently reported that some ransomware groups, including Maze, had stopped their attacks for the duration of the pandemic. He said:
“A not inconsiderable number of publications recently reported that some ransomware groups, including Maze, had declared an amnesty on attacks on medical organizations for the duration of the Covid-19 outbreak and I’ve since seen them described as ‘Robin Hood-esque.’ This clearly demonstrates that, to the surprise of absolutely nobody, criminals cannot be trusted and it is a mistake for them to be given a voice.”
Callow said that the threat level is the same as it has always been, or possibly higher. He also insisted that “these groups should not be given a platform which enables them to downplay that fact.” This is in line with the recent Emsisoft report, according to which ransomware attacks have a seasonal aspect and the number of attacks spikes during the spring and summer months.