Patterson Belknap – As we previously described and as reflected in the rapidly increasing number of cyber-attacks since its start, the COVID-19 pandemic has triggered a shift in working practices that hackers and other bad actors are using to their advantage.
Recent studies show a 273% rise in large-scale data breaches in the first quarter of 2020, compared to prior-year statistics, and a 109% year-over-year increase in ransomware attacks in the United States through the first half of 2020. This post will focus specifically on ransomware attacks targeting researchers working on a COVID-19 vaccine and how these attacks have evolved since the start of the pandemic.
In a ransomware attack, hackers use phishing or other means to introduce malware onto the victim’s computer system that encrypts the system, rendering the files and data on the system inaccessible to the victim. The hackers then attempt to extract a monetary payment from the victim in exchange for the key needed to decrypt the compromised files. In some instances, hackers also threaten to publicly release encrypted data by a specified deadline if no payment is received.
Recent ransomware attacks have targeted entities conducting confidential COVID-19-related research, including firms and groups working to develop a vaccine for the virus. In March, for example, the Maze ransomware hacking group attacked a British research company that was preparing to conduct trials of a COVID-19 vaccine. The hackers released thousands of personal medical records stolen from the company’s servers after the company, which stated it lacked funds to pay a ransom, refused to pay. In April, the U.S. firm 10x Genomics—which was performing sequencing research from the cells of patients who had recovered from COVID-19—suffered a ransomware attack. The hacking group Sodinokibi took credit for that attack, claimed to have stolen one terabyte of sensitive data and publicly released some of that information. More recently, in June, hackers infiltrated servers in the epidemiology and biostatistics department of the University of California at San Francisco. UCSF, then in the midst of research into a COVID-19 treatment or vaccine, hired a professional negotiator and agreed to pay a $1.14 million ransom for the decryption key (according to a leaked transcript). Other recent targets of ransomware attacks include pharmaceutical companies working on trial-stage COVID-19 vaccines, such as Moderna.
These attacks show that hackers are capitalizing on the vulnerabilities exposed by changing work patterns, such as increased use of personal e-mail accounts and “shadow” IT. The increase in ransomware incidents in particular, however, suggests that high-stakes COVID-19 research may make companies especially attractive targets because, as the director of the U.S. National Counterintelligence and Security Center warned in the early days of the pandemic, “there is nothing more valuable or worth stealing than any kind of biomedical research that is going to help with a coronavirus vaccine.” Because of the urgency created by the global health crisis and the value of being the first to market a vaccine, researchers may be both more willing to cut corners with technology security and more likely to pay high ransoms to minimize work disruptions. The situation is proving irresistible to hackers, as even groups such as Maze—which publicly committed to refrain from attacking healthcare organizations throughout the pandemic—continue to mount attacks.
The UCSF hackers, who remain unidentified but were likely from Russia or Eastern Europe, were motivated primarily by the prospect of a large payday. However, data from other recent ransomware attacks suggests at least some overlap between hacking groups driven by profit and groups working on behalf of nation states to co-opt American research for foreign vaccine efforts. In July, a federal grand jury in Washington State indicted two Chinese nationals on hacking charges. The defendants allegedly conducted a years-long hacking campaign, occasionally employing ransomware, and “in some instances acted for their own personal financial gain, and in others for the benefit of . . . Chinese government agencies.” The indictment identifies multiple specific instances between January and June 2020 when the defendants allegedly probed the servers of U.S. biotechnology and medical diagnostics companies for vulnerabilities, seeking to obtain sensitive COVID-19-related research.
In the wake of these recent attacks, companies and organizations—especially those involved in medical research related to COVID-19—should take all possible steps to protect their data and follow best practices for remote work. We will continue to monitor the unique threat environment caused by the COVID-19 pandemic.
Patterson Belknap, written for the Data Security Law Blog by Andrew M. Willinger and Michael F. Buchanan