It was the best of times, it was the worst of times

Calamity always magnifies the light and darkness in people. We see countless stories about people finding ways to help others in myriad and often creative ways:

• Armies of crafters who are sitting at home sewing face masks;
• Big companies re-tooling their factories to make hand sanitizer and PPE items that are urgently needed and in short supply;
• Retired healthcare specialists who are again donning their scrubs with no regard for their own safety;
• People in hospital sanitation who make it possible for the doctors to do their jobs;
• Postal & food delivery workers who are continuing to work to bring essential items to people in lockdown despite the risks to themselves.

...and so many, many more. The stories of the helpers are the ones that inspire us to be better people, and reassure us that not everything is terrible, even when the world appears to be on fire.

Then there are the other kinds of stories. The stories about the people who use the destabilisation and panic caused by calamity, for personal profit.

The groups and individuals that are delighted to use the confusion and fear generated by large disasters of any kind to prey on vulnerable people are very active right now. They use fear to con people into buying fake vaccines or cures, to donate to charities that are not real, to buy protective gear that never arrives, and to fool people into revealing their credit cards and identities using various social engineering, phishing, non-delivery and auction fraud scams.

Possibly the most far-reaching and dangerous type of attack is ransomware. A ransomware attack on a healthcare provider locks down computers that typically contain electronic medical records, making it impossible for caregivers to access patient care information including medical histories, the dosages of drugs that patients require and other critical data. The attackers then offer to unlock the affected network in exchange for a ransom. Many victimized hospitals and laboratories, fearing casualties, pay the ransom.

Brno University Hospital - second largest in the Czech Republic - was attacked in mid-March, which forced it to cancel operations, relocate patients and delay Covid-19 test results. At the time of this writing a team that works with the Czech Republic CERT is still working to fix the hospital's network.

Hammersmith Medicines Research, a British company that is on standby to perform the medical trials on any COVID-19 vaccine, was targeted with a ransomware attack on March 14. The attack was deflected, although some patient data was exfiltrated and subsequently published. This points up the willingness of these malefactors to attack even institutions that are critical to the creation of a vaccine, which would presumably also be of interest to the attackers.

Hammersmith managing director Malcolm Boyce said: "My message to other companies is to do everything possible to safeguard yourself because they are quite capable of putting companies out of business, and they are totally without conscience.”

The healthcare sector is under unimaginable pressure from all directions at this time, and in view of this, Spamhaus is offering our DNS Firewall services free to healthcare providers through the end of 2020.

Our DNS Firewall works by preventing DNS requests from resolving to malicious domains, and IP addresses by querying selected datasets. This provides users with automatic mitigation against threats including phishing, malware, ransomware and botnet C&Cs. The additional layer of protection at the DNS level gives Security and IT teams the ability to save on valuable resources, and focus on other urgent matters.

If you are a Healthcare provider and would like to get access to either our DNS Firewall Managed Service, or our DNS Firewall Threat Feeds please provide your contact information, and we will be in touch quickly.