Global computing conglomerate Microsoft is notifying hospitals that are vulnerable to ransomware attacks to help prevent healthcare institutions from becoming overwhelmed amid the COVID-19 pandemic.
The firm also published recommendations to hospitals for securing their systems and preventing ransomware attacks on April 1.
Through the company’s network of threat intelligence analysts, Microsoft states that it “identified several dozens of hospitals” with vulnerable virtual private networks and other public-facing gateway applications in their systems:
“During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare.”
The document cites REvil as an egregious offender of targeting hospitals during the coronavirus crisis, while Cointelegraph has covered the recent prevalence of Ryuk attacks targeting healthcare organizations struggling amid the pandemic.
Hospitals encouraged to engage opsec specialists
Microsoft distributed “first-of-its-kind” targeted notifications to the hospitals containing “important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits.”
Hospitals were recommended to ensure regular updates for VPN and firewall configurations, greater monitoring of remote access infrastructure, and strengthened protocols for responding to breaches.
They are advised to seek greater engagement with operational security professionals and to schedule regular audits.
Microsoft is also participating in the "Tech Against Corona" initiative alongside roughly a dozen tech companies to freely provide technology to the Dutch government to fight coronavirus — which includes efforts to help hospitals fight ransomware.
Maze and DoppelPaymer pledge not to attack hospitals
Some ransomware and darknet marketplace operators have taken a rare moral stance amid COVID-19.
The operators of both Maze and DoppelPaymer have claimed that they will not launch ransomware attacks targeting hospitals during the pandemic.
Anonymous free-market Monopoly has also announced it will permanently ban all vendors caught using COVID-19 as a “marketing tool” — including selling purported coronavirus treatments, facemasks and toilet paper.
Dark web analysis firm Digital Shadows also found that the darknet community has exhibited “atypical” behavior in recent weeks, such as “discouraging other users from profiting off the pandemic, and “providing health and safety information.”