The number of ransomware attacks globally has dropped significantly since the coronavirus crisis intensified in March, according to a new report from Chainalysis.
The blockchain analytics firm said the drop was particularly significant given there were growing concerns over the impact of ransomware attacks against hospitals and other healthcare organizations during the crisis.
Hospitals are a favoured target for ransomware gangs. Security software provider Emsisoft reported that over the course of 2019, at least 764 healthcare providers in the U.S. had been attacked. In mid-March, Emsisoft publicly implored ransomware gangs to stop targeting hospitals due to the potentially fatal impacts during the crisis.
Kim Grauer, senior economist at Chainalysis, told that despite the overall drop, some hospitals were still being attacked:
“Hospitals appear to be the victims of several of the recent ransomware attacks, even though the admins of some active strains (“dopplepaymer” and “maze”) publicly said they would not attack hospitals during these times. This is probably because they [hospitals] can’t afford to lose access to vital, often sensitive patient data and therefore are considered more likely to pay up, especially during a health crisis.”
Chainalysis found a big drop in the USD value sent to known ransomware addresses. In February the figure was approaching $2 million, but it fell to below $500,000 in March. The number of addresses also fell significantly in March. As not all ransomware addresses are known, the on-chain data is not comprehensive. Grauer said its results were indicative, however:
“One important caveat in our ransomware research is that the total number of ransomware incidents is always hard to quantify because there is a massive underreporting problem. That being said, nothing seems to have fundamentally changed for the criminals carrying out ransomware attacks over the past few months.”
Chainalysis reached out to Bill Siegel, CEO of Coveware, to see if their conclusions were correct. He said: “I haven’t seen a major material increase in attacks. Healthcare providers remain a frequent target, but the stakes are much higher now. More people will probably care if a big hospital is attacked and patient care is impacted, but criminals don’t seem to care.”
Siegel noted scammers have been incorporating COVID-19 in phishing emails:
“There’s been a gargantuan explosion of phishing emails related to Covid-19. People are getting so many legitimate emails from their employers and vendors about the virus that ransomware attackers have an opportunity to blend in.”
Siegel said he had also noticed an increase in ‘Mamba’ ransomware attacks, which avoid the phishing email/malware infection route and instead directly attack the victim’s network to encrypt their files with encryption software called Jetico:
“We’re not sure why Mamba attacks would be increasing now, but my personal theory is that skilled programmers who’d normally be at work have more time on their hands at home now.”