On September 9th, Düsseldorf University Hospital in Germany was hit by a ransomware attack that took down 30 servers. The attack stopped systems from working, forcing healthcare workers to immediately transfer emergency patients to other healthcare facilities. One of the patients was a woman in critical condition who required life-saving treatment. As a result of the cyberattack, she had to be transferred to another hospital in Wuppertal, approximately 19 miles (30 kilometers) away from the compromised hospital. The resulting delay in treatment proved fatal for the patient.
It is suspected that this may be the first death ever caused by a cyberattack. However, until the ongoing investigation is complete, this remains speculation, not fact.
It is unknown which ransomware family is to blame for the cyberattack. Some unconfirmed sources believe it might be associated with the MAZE cartel.
According to German news site heide.de, the attackers gained access to the hospital’s IT systems via a security hole in Citrix VPN software known as “Shitrix.” It is believed that this could have happened months ago. That being the case, the shutdown of the hospital’s servers was likely planned in advance.
The cyberattack exploited a critical security vulnerability, identified as CVE-2019-19781, first reported in December 2019. The compromise of the systems involved adding a backdoor; as a result, installing software updates with patches fixed the vulnerability but didn’t get rid of the backdoor. Using this backdoor, the attackers worked their way deeper into the system over the next few months. Companies that didn’t identify the malicious code were compromised later, resulting in encrypted files across the entire network.
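Because patching closes the hole but leaves anything planted beforehand, a patched system still needs an integrity check. The following is an added example, not part of the original article: it compares files against a known-good manifest and puts changes made during the unpatched window first. The manifest, file names and dates are constructed assumptions.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone
from pathlib import Path

def triage(root, baseline, exposed_from, patched_at):
    """Diff files under root against a known-good manifest {relpath: sha256}.
    in_window marks files last modified while the system was exposed and
    unpatched; timestamps can be forged, so it only orders the review."""
    findings, seen = [], set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if baseline.get(rel) == hashlib.sha256(Path(full).read_bytes()).hexdigest():
                continue  # identical to the known-good copy
            reason = "modified" if rel in baseline else "unexpected"
            mtime = datetime.fromtimestamp(os.path.getmtime(full), timezone.utc)
            findings.append((rel, reason, exposed_from <= mtime < patched_at))
    findings += [(r, "missing", False) for r in baseline if r not in seen]
    return sorted(findings, key=lambda f: (not f[2], f[0]))

def demo():
    """Constructed sample tree; all paths, contents and dates are made up."""
    utc = lambda *a: datetime(*a, tzinfo=timezone.utc)
    # Assumed window: exposure from December 2019, patch applied 2020-01-25.
    exposed_from, patched_at = utc(2019, 12, 1), utc(2020, 1, 25)
    files = {  # relpath: (content, last-modified time)
        "portal/index.html": (b"<html>ok</html>", utc(2019, 6, 1)),
        "portal/login.cgi": (b"original + extra handler", utc(2020, 1, 10)),
        "portal/cache/helper.bin": (b"dropped file", utc(2020, 1, 5)),
        "conf/site.conf": (b"admin change", utc(2020, 3, 2)),
    }
    baseline = {  # hashes as they would come from a clean vendor image
        "portal/index.html": hashlib.sha256(b"<html>ok</html>").hexdigest(),
        "portal/login.cgi": hashlib.sha256(b"original").hexdigest(),
        "portal/help.html": hashlib.sha256(b"help").hexdigest(),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (data, when) in files.items():
            full = Path(root, *rel.split("/"))
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_bytes(data)
            os.utime(full, (when.timestamp(), when.timestamp()))
        return triage(root, baseline, exposed_from, patched_at)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Every mismatch stays a finding even when it falls outside the window, since an intruder with a backdoor can keep changing files after the patch is installed.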
In 2020, ransomware operators have gone way too far in their greed for money: targeting extremely sensitive data, they seem to have no conscience. While in the past they only locked a computer’s screen or encrypted personal files, nowadays they steal private information from individuals and companies and threaten to publish it online.
While these cybercriminals previously focused mainly on home users, nowadays their primary targets are large companies that are willing to pay hundreds of thousands to keep their own and their customers’ private data safe. The appearance of Ransomware-as-a-Service, as well as partnerships between the largest cybercriminal gangs resulting in cartels, such as Maze, Sodinokibi, Ragnarok, or LockBit, has given a whole new perspective on the evolution of malware and Internet crime.
Healthcare institutions are known to be one of the top targets for cybercriminals, because these facilities cannot afford delays when lives must be saved. However, human lives do not seem to be an area of interest for ransomware operators.
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.
great explanation