INTERPOL has issued an alert to hospitals and institutions at the forefront of the global response to the COVID-19 outbreak that warned them of becoming targets of ransomware attacks, which are designed to lock them out of their critical systems in an attempt to extort payments. Lee Kok Leong, executive editor, Maritime Fairtrade, reports
INTERPOL’s Cybercrime Threat Response team at its Cyber Fusion Centre has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response. Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid.
To support global efforts against this critical danger, INTERPOL has issued a Purple Notice alerting police in all its 194 member countries to the heightened ransomware threat. It is also assisting police with investigations into ransomware cases in affected member countries as well as analysis of cybercrime threat data to help law enforcement agencies mitigate the risks.
At this point, the ransomware appears to be spreading primarily via emails, often falsely claiming to contain information or advice regarding the coronavirus from a government agency, which encourages the recipient to click on an infected link or attachment. In this regard, prevention and mitigation efforts are key to stopping further attacks, particularly for frontline organizations like hospitals which are facing the highest risk.
To minimize the risk of disruption in the event a ransomware attack does occur, INTERPOL encourages hospitals and healthcare companies to ensure all their hardware and software are regularly kept up to date. They should also implement strong safety measures like backing up all essential files and storing these separately from their main systems.
Six steps to protect from ransomware
There are a number of steps hospitals and others can take to protect their systems from a ransomware attack.
- Only open emails or download software/applications from trusted sources
- Do not click on links or open attachments in emails which you were not expecting to receive, or come from an unknown sender
- Secure email systems to protect from spam which could be infected
- Backup all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive)
- Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running
- Use strong, unique passwords for all systems, and update them regularly