Could vaccine endeavors be undermined by ransomware?

Companies developing vaccines like Pfizer and BioNTech are some of the hottest targets for cyberattacks right now.
16 November 2020
  • Companies developing vaccines like Pfizer and BioNTech, among others elsewhere, are some of the hottest targets for cyberattacks right now
  • State-backed hackers from North Korea and Russia have been targeting organizations working on a coronavirus vaccine – some successfully, according to Microsoft

Cyberattacks targeting the healthcare sector and taking advantage of the pandemic are sadly old news. In March, the Czech Republic hospital responsible for running most of the country’s Covid-19 testing, Brno University Hospital, was held to ransom and forced to shut down its IT network.

Just days later, the US Department of Health and Human Services (HHS) was the victim of a foiled distributed denial of service (DDoS) attack. Meanwhile, the World Health Organisation (WHO) revealed that it was experiencing double the usual number of cyberattacks against its systems, including hackers running malicious sites impersonating the WHO’s internal email system.

Attackers have been using ransomware attacks to target hospitals and healthcare organizations across the United States – medical clinics in the state of Texas and a health care agency in Illinois were earlier victims. But the global healthcare industry has been targeted around the world, from Paris’s hospital system and the computer systems of Spain’s hospitals to hospitals in Thailand.

In Germany, we saw the resulting threat to human health become a tragic reality when the death of a woman in Dusseldorf reportedly became the first known death as a result of a cyberattack in a hospital.

An attack on Covid-19’s cure

In a report last week, Microsoft said, “two global issues will help shape people’s memories of this time in history – Covid-19 and the increased use of the internet by malign actors to disrupt society.

“It’s disturbing that these challenges have now merged as cyberattacks are being used to disrupt health care organizations fighting the pandemic. We think these attacks are unconscionable and should be condemned by all civilized society.”

The technology giant had detected cyberattacks from three nation-state actors targeting seven prominent organizations directly involved in researching vaccines and treatments for Covid-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that are called Zinc and Cerium.

Microsoft said it had detected attempts to break into the computer systems of seven pharmaceutical companies and the Russian group had used “brute force” tactics, trying to log into accounts using millions of different passwords. Russia, however, denied it was responsible.

One of the North Korean groups sent emails posing as WHO officials and tried to trick people into handing over their login credentials. Some of the break-in attempts failed, but Microsoft warned that some of them had been successful.

Even the UK in July said Russian intelligence was behind the targeting of UK research, including the Oxford vaccine. The US also accused China of similar activities. Both countries have denied it.

Most recently, eResearchTechnology (ERT), a Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments, and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks.

The attack, which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper.

A recent report by Business Insider stated that the server of BioNTech SE, which is developing a Covid-19 vaccine with Pfizer Inc., was encrypted with Ryuk ransomware as a result of the attack by unknown hackers. BioNTech, however, responded by saying its computer systems were unaffected by ransomware after a reported cyberattack in September.

It is important to note that the vaccine by Pfizer and BioNTech has “an extraordinarily high degree of efficacy” – more than 90%, close to 95%, according to Dr. Anthony Fauci, the top U.S. infectious-disease doctor. As such, it represents one of the best chances at present to reduce the impact of the Covid-19 pandemic. For cyber attackers, however, that means targeting the organizations behind it could cause massive disruption.