{
	"id": "3f3621fc-a183-4c9d-8280-2bcaf06f1530",
	"created_at": "2026-04-06T03:37:07.947137Z",
	"updated_at": "2026-04-10T03:21:15.653939Z",
	"deleted_at": null,
	"sha1_hash": "55cc97be0228fe783602accbbbac0ad6243e5749",
	"title": "Maze Ransomware Targets the Hospitals and Labs Fighting Coronavirus | Tripwire",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 57279,
	"plain_text": "Maze Ransomware Targets the Hospitals and Labs Fighting\r\nCoronavirus | Tripwire\r\nBy Guest Authors\r\nPublished: 2020-05-05 · Archived: 2026-04-06 02:57:36 UTC\r\n“Never let a good crisis go to waste.” These wise words have been recently attributed to former Bill Clinton\r\nChief of Staff Rahm Emanuel, though Freakonomics actually dates it back to 1976 and a completely different\r\ncontext. Regardless of who first uttered the phrase or some permutation of it, modern-day cybercriminals have\r\ntaken the candid advice to heart and ramped up ransomware attacks on hospitals, labs, and other medical facilities\r\nthat are engaged in the battle to keep the upper hand on Covid-19. We all remember ransomware, right? Before the\r\nrecent pandemic consumed the entire news cycle, ransomware was all the rage as malicious hackers took over\r\nincreasingly larger computer networks, even those used by major universities and cities, to threaten data\r\ndestruction unless their ransom demands were paid in Bitcoin. Now the bad guys are going after the people on the\r\nfrontlines who are trying to keep us alive.\r\nhttps://commons.wikimedia.org/wiki/File:Ransomware-pic.jpg\r\nDeploying Maze\r\nIn the early stages of Covid-19, hacking groups pledged to leave hospitals and medical organizations alone for a\r\nfew weeks or until the outbreak subsided. Almost immediately after these assurances were given, a London-based\r\nlab, Hammersmith Medicines Research, an outfit that was researching vaccines, found itself under attack from a\r\nransomware variant known as Maze. Soon similar attacks rolled out across the world. It was obvious that promises\r\nfrom these criminals had absolutely zero value. In the world of Dark Web entrepreneurialism, nothing is sacred,\r\nnot even human life. Maybe especially not human life as it serves as the most powerful bargaining chip. Medical\r\nprofessionals might remember Hammersmith as the outfit that was involved with an Ebola solution a few years\r\nback and is making great strides on both Alzheimer’s disease research and the Covid front. Maze has been the\r\nransomware of choice during the current proliferation of attacks and, as might be expected, it comes with a clever\r\n(some might say evil) twist. In addition to the typical Bitcoin payment, Maze, which was discovered in May 2019,\r\nalso threatens to post patient records online. This final twist of the knife of publicly posting private data puts an\r\norganization in immediate violation of GDPR and at risk of massive fines. Several hackers have already shown\r\nthat the threat to release records is not an idle one. Some records have been released when organizations have\r\nchosen not to pay.\r\nhttps://en.wikipedia.org/wiki/File:Mckie_cartoons_pants_ransom.jpg\r\nThe Good Guys Respond\r\nYou know it’s a serious global issue when the International Criminal Police Organization (INTERPOL) gets\r\ninvolved, as they have with the current spate of Maze incursions. The organization has partnered with private\r\nhttps://www.tripwire.com/state-of-security/healthcare/maze-ransomware-targets-hospitals-labs-fighting-coronavirus/\r\nPage 1 of 2\n\nfirms to come up with best-practice security and privacy tactics and are actively pursuing the capture and\r\nprosecution of various malfeasance engaged in this odious game. But in the final analysis, the same prevention\r\nand mitigation strategies that cybersecurity experts have been advising for years are the boots-on-the-ground\r\nsolution. The delivery method of choice thus far has been via emails containing links that, once clicked, download\r\nthe bug into your system. If you don’t want the bug, don’t click. So, here’s a bit of handy advice to write down on\r\na wall beside your desk somewhere: Don’t click on email links unless you know for sure where it came from.\r\nInterpol has a half dozen tips that healthcare organizations should implement immediately. Among them are the\r\nfollowing:\r\nAs mentioned, don’t click an email link or download a software or application unless you have triple-checked its authenticity.\r\nTo emphasize, do NOT click email links or open attachments unless it is something you specifically\r\nrequested or asked to receive. In other words, if it’s an unknown sender, don’t even think about touching it.\r\nInstall state-of-the-art spam protection on email accounts. The latest generation of AI-powered spam\r\ndetection applications has become fairly sophisticated at picking off the bad stuff and “learns” the longer it\r\nis in place.\r\nBackup system files and all data regularly, either to an external drive or, even easier, to a secured cloud\r\nstorage account. If you have a copy of everything stored offsite, meaning separate from your working\r\nnetwork, it’s a simple matter to erase the ransomware and restore your system with the most recent backup.\r\nKeep anti-virus and anti-malware software installed, running, and up-to-date on your network and all\r\nmobile devices. Any point where the network is accessed from the outside is a threat vector. Regular\r\nsoftware updates are a huge necessity so don’t neglect this, as failure to do so opens your network to\r\nmalware infection and/or zero-day exploits.\r\nYou’ve probably heard this a lot already, but create strong, unique passwords for the network and all users\r\nand require them to be changed regularly.\r\nFinal Thoughts\r\nThe last bit of advice for healthcare organizations struggling to stay on top of Covid-19 and fight off hacker\r\nattacks at the same time. Pay attention to the prevention strategies up there, none of which require a degree in\r\ncybersecurity to implement. They just take a little time, which is admittedly in short supply right now, but if it\r\nprevents a complete system take-down, it’s worth making room. Good luck and stay out of the Maze. By the way,\r\nHammersmith refused to pay the ransom, so the hackers released some records publicly, though the company says\r\nthe documents were a few decades old and not traceable to individuals.\r\nAbout the Author: Gary Stevens is an IT specialist who is a part-time Ethereum dev working on open source\r\nprojects for both QTUM and Loopring. He’s also a part-time blogger at Privacy Australia, where he discusses\r\nonline safety and privacy. Editor’s Note: The opinions expressed in this guest author article are solely those of\r\nthe contributor, and do not necessarily reflect those of Tripwire, Inc.    \r\nSource: https://www.tripwire.com/state-of-security/healthcare/maze-ransomware-targets-hospitals-labs-fighting-coronavirus/\r\nhttps://www.tripwire.com/state-of-security/healthcare/maze-ransomware-targets-hospitals-labs-fighting-coronavirus/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.tripwire.com/state-of-security/healthcare/maze-ransomware-targets-hospitals-labs-fighting-coronavirus/"
	],
	"report_names": [
		"maze-ransomware-targets-hospitals-labs-fighting-coronavirus"
	],
	"threat_actors": [],
	"ts_created_at": 1775446627,
	"ts_updated_at": 1775791275,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/55cc97be0228fe783602accbbbac0ad6243e5749.pdf",
		"text": "https://archive.orkl.eu/55cc97be0228fe783602accbbbac0ad6243e5749.txt",
		"img": "https://archive.orkl.eu/55cc97be0228fe783602accbbbac0ad6243e5749.jpg"
	}
}