Ransomware hackers in March hit a biotechnology research outfit working to understand the human body’s immune response to help speed development of a vaccine for the Coronavirus (Covid-19) pandemic.
The Pleasanton, California-based 10x Genomics, which designs and manufactures gene sequencing technology, confirmed the attack in an April 1, 2020 8-K Securities and Exchange Commission filing. In acknowledging the break-in, the company said it knew where the attackers had aimed and had since shored up the weak spot.
“In the midst of the COVID-19 situation in March 2020, 10x Genomics faced an attempted ransomware attack which also involved the theft of certain company data,” the filing said. “The Company isolated the source of the attack and restored normal operations with no material day-to-day impact ability to access its data.” Law enforcement and outside experts are working with the biotech firm in an ongoing investigation, officials said. It’s not clear if managed security service providers (MSSPs) are involved in the cyber kidnapping’s post-mortem processing.
The REvil ransomware crew claimed it was behind the hijack, Health IT Security reported. The gang said the heist included about 1TB of data, some of which was sensitive information.
Cyber thieves are using REvil ransomware to actively exploit gateway and VPN vulnerabilities in targeted healthcare organizations, particularly those straining under the Covid-19 load that haven’t installed security patches, updated firewalls, or checked privilege levels. Two weeks ago, Microsoft said it had told “several dozen hospitals” to immediately patch weaknesses in their VPN installations after finding evidence that a ransomware crew was probing for spots to exploit.
“Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information,” Microsoft’s Threat Protection Intelligence Team said in a blog post. “Our intel on ransomware campaigns shows an overlap between the malware infrastructure that REvil was observed using last year and the infrastructure used on more recent VPN attacks,” Microsoft said.
The VPN threats targeting hospitals are particularly foreboding as Covid-19 rampages worldwide. Healthcare organizations stretched thin in time and resources are more likely to meet ransom demands, the hackers figure. While some ransomware wise guys have pledged not to hit hospitals, others armed with Ryuk malware have refused to back off in yet another stark example for MSSPs not to let their guard down.
Earlier this year, cybercriminals used REvil to target unpatched Pulse Secure VPN servers to disable antivirus software. The ransomware has previously been used to attack managed service providers (MSPs), Texas local governments and encrypt data of hundreds of dentist offices.