
Hospitals and medical institutions are being cyber-kidnapped in the middle of the coronavirus pandemic

These days, hospitals around the world are fighting the coronavirus pandemic with little means, and doctors face an unprecedented health problem. At the same time, hacker groups have intensified their attacks on hospital computer networks. These cyberterrorist groups seek to hijack medical and government institutions to demand ransoms and steal information.

According to an investigation conducted by Palo Alto Networks, crackers make no distinctions when choosing their targets. Although some groups have decided not to attack health institutions, others do not care at all, which only makes things harder for medical professionals.

Hospitals continue to suffer digital kidnapping attempts

Palo Alto Networks does not indicate which institutions are suffering from these attacks. It mentions only government departments of health and a medical research university in Canada. Both organizations were reportedly victims of data theft and computer hijacking with the intention of demanding a ransom. The two attacks occurred between March 24 and 26.

Such computer hijackings begin with emails containing malware. All of the emails pretend to come from the World Health Organization, and they are sent to health system agencies and similar bodies that are actively fighting the coronavirus.

Attached to the email is a file called "20200323-sitrep-63-covid-19.doc". This file runs malicious software that hijacks the system by exploiting the Microsoft vulnerability CVE-2012-0158. The vulnerability is in the Microsoft ListView / TreeView ActiveX controls within the MSCOMCTL.OCX library.

Once this ransomware binary has infected the system, it pings the control server, which supplies an image that notifies the user of the hijacking. The data on the computer is then encrypted by means of a password, and the encrypted files are given the extension ".locked20". The hijacking software is based on EDA2, one of the most common bases for this kind of software.
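The two indicators named above (the lure attachment name and the ".locked20" extension) can be turned into a simple triage rule. The following is an added example, not code from the article or its sources; the log format, host names and burst threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LURE_NAME = "20200323-sitrep-63-covid-19.doc"  # attachment name given in the article
LOCKED_EXT = ".locked20"                       # extension given in the article

# Constructed sample events in a hypothetical format: "timestamp host event detail"
SAMPLE_LOG = """\
2020-03-24T09:01:10 ws-017 mail_attachment 20200323-sitrep-63-covid-19.doc
2020-03-24T09:03:02 ws-017 file_rename C:/Users/a/Documents/rota.xlsx.locked20
2020-03-24T09:03:03 ws-017 file_rename C:/Users/a/Documents/lab results.pdf.locked20
2020-03-24T09:03:05 ws-017 file_rename C:/Users/a/Documents/notes.docx.locked20
2020-03-24T09:10:00 ws-022 mail_attachment 20200323-SITREP-63-covid-19.doc
2020-03-24T10:00:00 ws-030 mail_attachment agenda.doc
2020-03-24T10:00:00 ws-030 file_rename D:/share/a.txt.locked20
2020-03-24T10:05:00 ws-030 file_rename D:/share/b.txt.locked20
2020-03-24T10:10:00 ws-030 file_rename D:/share/c.txt.locked20
"""

def parse(line):
    # maxsplit=3 keeps spaces inside the file path intact
    ts, host, event, detail = line.split(None, 3)
    return datetime.fromisoformat(ts), host, event, detail.strip()

def triage(log_text, burst=3, window=timedelta(seconds=60)):
    """Return {host: set of findings}; hosts with no finding are omitted."""
    findings = defaultdict(set)
    recent = defaultdict(deque)  # per-host timestamps of recent .locked20 renames
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event, detail = parse(line)
        if event == "mail_attachment" and detail.lower() == LURE_NAME:
            findings[host].add("lure_attachment")
        elif event == "file_rename" and detail.lower().endswith(LOCKED_EXT):
            q = recent[host]
            q.append(ts)
            while ts - q[0] > window:  # drop renames that fell out of the window
                q.popleft()
            if len(q) >= burst:        # many renames in a short time: encryption in progress
                findings[host].add("encryption_burst")
    return dict(findings)

if __name__ == "__main__":
    for host, found in sorted(triage(SAMPLE_LOG).items()):
        print(host, sorted(found))
```

A host that shows both findings should be isolated first; a host that shows only the lure attachment has received the email but has no encryption activity in the log yet.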

Interpol is already working to notify all health institutions about these emails and the risk of opening or downloading files from unofficial sources. It also recommends backing up the database on systems without an internet connection.

Source: THN


Robert Sole
