Pandemic Sees Surge In Healthcare Ransomware Attacks

coronavirus Image credit: World Health Organisation

Attackers turn to ransomware-as-a-service for easy access as pandemic creates opportunity to pounce on vulnerable healthcare IT

Cyber-attacks on healthcare organisations skyrocketed in 2020, with the surge showing no signs of abatement, as opportunistic criminals looked for ways to exploit the Covid-19 crisis, researchers said.

VMware Carbon Black said there were 239.4 million attempted cyberattacks targeting its healthcare customers, with an average of 816 attempted attacks per endpoint, a 9.851 percent increase over 2019.

The surge in attacks began in February, just as the pandemic began to spread worldwide, and peaked with an 87 percent increase from September to October.

Carbon Black cybersecurity strategist Rick McElroy said the pandemic had given hackers “limitless attack methods” against healthcare organisations.

M2M: The Future of Cybersecurity

Healthcare targeted

The increase in demand for ransomware tools to carry out attacks has led to a surge in affiliate programmes over the past year, where programmers provide their attack code in exchange for a cut of any profits.

This trend saw the return of Cerber, a ransomware-as-a-service (RaaS) tool that was widely used in 2017 but had since been eclipsed by other malware.

Cerber was the single most widely deployed ransomware family deployed against Carbon Black’s healthcare customers in 2020, used in 58 percent of attempted attacks, followed by Sodinokibi, VBCrypt, Cryxos and VBKrypt.

McElroy said the figures showed the “rapid rate” at which the strain could be licensed and used against targets.

Insider attacks

Carbon Black said attackers have turned to novel methods for deploying malware against health providers, such as recruiting insiders with direct access to high-value targets to facilitate infections in return for large sums or a percentage of the payout.

The hacking opportunities created by the pandemic have also seen partnerships in which hackers work with criminals who specialise in breaking into organisations and then sell access to other ransomware gangs.

“The FBI, Department of Homeland Security (DHS), and other federal agencies have all issued warnings about the surge in cyberattacks against healthcare organisations,” McElroy noted in an advisory.


The company said hacks against healthcare providers are continuing to pick up steam, with Covid-19 test results currently a popular target for theft, later to be resold on hacker forums.

Carbon Black urged healthcare organisations can take the opportunity of the pandemic to ensure proper security controls are in place as new technology is implemented to support remote work, remote patient care and other services.