Maze operators attacked medical company, which is testing vaccine for COVID-19

Maze ransomware operators attacked Hammersmith Medicines Research (HMR), a medical research company, which is testing a possible vaccine for COVID-19.

The company refused to pay a ransom to unlock the computer systems, and as a result, personal data of thousands of former patients leaked to the Network.

According to Computer Weekly, Maze operators have published secret medical and personal information, including medical questionnaires, passport copies, driver’s licenses and national insurance numbers for more than 2,300 patients of the organization.

“The criminals behind the Maze ransomware attacks have struck again, stealing data from a victim and then publishing it online to get them to pay the ransom demanded. A medical facility on standby to help test any coronavirus vaccine has been hit by a ransomware group that promised not to target medical organizations”, — reports Forbes with the link on Computer Weekly.

The attack occurred only a few days after the criminal group publicly announced the cessation of attacks on medical research organizations and companies during the coronavirus pandemic. The criminals kept their promise for only three days. HMR IT staff discovered a cyberattack on March 14 and by the end of that day was able to stop it and resume computer systems and email.

HMR did not disclose how Maze could access its network. According to Troy Mursch, co-founder of Bad Packets, Hammersmith Medicines Research used a Fortinet VPN server, which could contain a vulnerability that allowed Maze to hack. Infosecurity professional, John Opdenakker, is not at all surprised that the Maze actors broke this so-called promise.

“Financial gain is, unfortunately, the only motive for criminal actors. They also know that medical organizations are currently in a very vulnerable situation due to the coronavirus outbreak, which only increases the probability that they’ll pay the ransom”, — says the Opdenakker.

The FBI has already warned of a significant surge in COVID-19 scams, for example we wrote that the Attackers Spread Fake Coronavirus Android Tracker, and championship in “licensed” hacking Pwn2Own passed in virtual environment Due to COVID-19.

At the same time, security provider Emsisoft, in collaboration with Coveware, announced that they would provide a completely free ransomware recovery service for critical hospitals and other healthcare providers. This includes developing a decryption tool whenever possible.