How Ransomware Is Accelerating in the COVID-19 Era

Written by Ayesha Prakash
February 5, 2021

Focus on cybersecurity to stop hackers from preying on people's fear of the coronavirus.

We all knew that a second wave was coming, just not quite when. Like a hurricane gathering in the distance, we could only wait for our fate.

Then it came. From July through September, new COVID-19 cases per day hovered between 200- and 300,000 worldwide. By mid-October, 400,000-plus per day was the norm. According to Google, on Oct. 28 we shattered our previous all-time high, with more than 550,000 new cases reported in only 24 hours.

Luckily, hospitals around the globe had prepared for this eventuality. Unfortunately, so had hackers.

On Oct. 29, in the midst of the planet’s worst disease outbreak in 100 years, two dozen U.S. hospitals and health care facilities were attacked. Hackers took over their computer systems, demanding tens and, in some cases, even hundreds of thousands of dollars in ransom.

The patients in those hospitals — laying in those beds, struggling to breathe, hooked up to machines — didn’t know that they were in the crosshairs of Russian cybercriminals.

Cybercrime Loves COVID

COVID-19 is a curse on the world, and a gift to cybercriminals. Last year saw record numbers of cyberattacks of all kinds, from phishing campaigns to brute force attacks. There’s been an onslaught of COVID-related malicious domain registrations-tens of thousands created every day. And there’s Zoom –bombing, which hardly even existed before March.

Even against all of this, ransomware has stood out. But it’s not the frequency so much as the severity of these attacks that has caused such an impact. Attackers have targeted highly sensitive corporations, government entities and, in particular, research labs and hospitals.

Brno University Hospital, Czech Republic

Doctors perform a surgery at Brno University Hospital in the Czech Republic. (Herrndorf image/Shutterstock)

Take, for example, Brno University Hospital. BUH is one of the Czech Republic’s leading sites for COVID-19 research. Around mid-March the virus was just starting to make hay in Europe so, suffice it to say, the hospital was as hectic and vulnerable as ever that month.

Peter Gramantik, a malware researcher, was a patient at the facility on March 13. Around 5 a.m. that day, a different kind of outbreak occurred. He told ZDNet what happened: “The hospital public announcement system started to repeat the message that all personnel should immediately shut down all computers due to ‘cybernetic security.’ This message was repeated like every 30 minutes.”

The entire building’s IT network had shut down. Two other BUH branches, the Children’s Hospital and the Maternity Hospital, also went down.

As it became clear that the problem wouldn’t go away quickly, doctors were forced to postpone urgent surgeries. Gramantik, himself, was sent home. Even worse: hospital staff began rerouting new, acute COVID-19 patients, directing them to a different nearby hospital.

A Ransomware Pandemic

What happened in Brno seemed utterly novel at the time, but in retrospect, it is far from unique. Hospitals and COVID-19 research centers worldwide have been hit weekly, even daily, since the start of the pandemic.

But it’s not just health care that’s been impacted, of course. Governments and …