Cybercrime: From Wannacry to Wannahelp
Cybercrime groups, known for the most prolific ransomware attacks, state that they will not target NHS systems during COVID. But is there any reason to relax?
The Maze and DoppelPaymer cybercrime groups have promised to avoid the NHS. DoppelPaymer said that they "always try to avoid hospitals [and] nursing homes," and if they do target them accidentally during COVID, they will provide an encryption key for free. Can we breathe a sigh of relief? Let’s look at the situation.
The NHS is at breaking point and is more vulnerable than ever to cyberattacks due to Covid19. The usual working protocol has been disrupted as doctors work from home, and GP appointments take place by phone. As the NHS’s resources reach a critical-low, their usual security measures are unlikely to be the main priority. For example the National Audit of the NHS’s security and cyber-resilience has been pushed back to September due to the virus. This means your data and your appointments are at increased risk of an attack which is completely out of your control to protect against.
The acting chief information security officer for the NHS, Nigel Bennett acknowledges this threat and states that in partnership with The National Cyber Security Centre and NHSX they have created a new program to tackle the new COVID-related challenges. However they can only go so far, and typically cybercriminals seem to be one step ahead.
Organizations stretched to the limit are particularly vulnerable. The Wannacry attack on the NHS, for example, cost them £92,000,000, and over 19,000 appointments were canceled. An attack like this during Covid19 would be a matter of life and death, but even so can these criminal gangs resist the temptation of such a vulnerable target? The answer is ‘yes’, if you can trust a prolific cybercriminal gang. There is some debate as to whether their decision is a sudden show of nationalism and empathy for the NHS - their equivalent of the Thursday clap - or a result of something more sinister. Could blackmail be on the cards?
Either way, if they stay true to their word, are they able to keep healthcare organizations safe from other cyber gangs? The criminals operating the Ryuk threat - the ransomware that took down North Carolina City and led to a state of emergency in the City of New Orleans has given no such immunity for the NHS. We will have to wait and see. We Fight Fraud, would advise the highest level of vigilance, this is definitely not a time to be complacent.