Patterson Belknap – As we previously described and as reflected in the rapidly increasing number of cyber-attacks since its start, the COVID-19 pandemic has triggered a shift in working practices that hackers and other bad actors are using to their advantage.
Recent studies show a 273% rise in large-scale data breaches in the first quarter of 2020, compared to prior-year statistics, and a 109% year-over-year increase in ransomware attacks in the United States through the first half of 2020. This post will focus specifically on ransomware attacks targeting researchers working on a COVID-19 vaccine and how these attacks have evolved since the start of the pandemic.
In a ransomware attack, hackers use phishing or other means to introduce malware onto the victim’s computer system that encrypts the system, rendering the files and data on the system inaccessible to the victim. The hackers then attempt to extract a monetary payment from the victim in exchange for the key needed to decrypt the compromised files. In some instances, hackers also threaten to publicly release encrypted data by a specified deadline if no payment is received.
Recent ransomware attacks have targeted entities conducting confidential COVID-19-related research, including firms and groups working to develop a vaccine for the virus. In March, for example, the Maze ransomware hacking group attacked a British research company that was preparing to conduct trials of a COVID-19 vaccine. The hackers released thousands of personal medical records stolen from the company’s servers after the company, which stated it lacked funds to pay a ransom, refused to pay. In April, the U.S. firm 10x Genomics—which was performing sequencing research from the cells of patients who had recovered from COVID-19—suffered a ransomware attack. The hacking group Sodinokibi took credit for that attack, claimed to have stolen one terabyte of sensitive data and publicly released some of that information. More recently, in June, hackers infiltrated servers in the epidemiology and biostatistics department of the University of California at San Francisco. UCSF, then in the midst of research into a COVID-19 treatment or vaccine, hired a professional negotiator and agreed to pay a $1.14 million ransom for the decryption key (according to a leaked transcript). Other recent targets of ransomware attacks include pharmaceutical companies working on trial-stage COVID-19 vaccines, such as Moderna.
These attacks show that hackers are capitalizing on the vulnerabilities exposed by changing work patterns, such as increased use of personal e-mail accounts and “shadow” IT. The increase in ransomware incidents in particular, however, further suggests that high-stakes COVID-19 research may make companies especially attractive targets because, as the director of the U.S. National Counterintelligence and Security Center warned in the early days of the pandemic, “there is nothing more valuable or worth stealing than any kind of biomedical research that is going to help with a coronavirus vaccine.” Because of the urgency created by the global health crisis and the value of being the first to market a vaccine, researchers may be both more willing to cut corners with technology security and more likely to pay high ransoms to minimize work disruptions. The situation is proving irresistible to hackers, as even groups such as Maze—which publicly committed to refrain from attacking healthcare organizations throughout the pandemic—continue to mount attacks.
The UCSF hackers, who remain unidentified but were likely from Russia or Eastern Europe, were motivated primarily by the prospect of a large payday. However, data from other recent ransomware attacks suggests at least some overlap between hacking groups driven by profit and groups working on behalf of nation states to co-opt American research for foreign vaccine efforts. In July, a federal grand jury in Washington State indicted two Chinese nationals on hacking charges. The defendants allegedly conducted a years-long hacking campaign, occasionally employing ransomware, and “in some instances acted for their own personal financial gain, and in others for the benefit of . . . Chinese government agencies.” The indictment identifies multiple specific instances between January and June 2020 when the defendants allegedly probed the servers of U.S. biotechnology and medical diagnostics companies for vulnerabilities, seeking to obtain sensitive COVID-19-related research.
In the wake of these recent attacks, companies and organizations—especially those involved in medical research related to COVID-19—should take all possible steps to protect their data and follow best practices for remote work. We will continue to monitor the unique threat environment caused by the COVID-19 pandemic.