Cybercriminals have gone too far – patient died after German hospital was hit by ransomware

It is suspected that this might be the first death ever caused by a cyberattack. However, until the ongoing investigation is complete, this is speculation, not yet a fact. It is unknown which ransomware family is to blame for the cyberattack. Some unconfirmed sources believe it might be associated with the MAZE cartel.

Security hole in Citrix VPN software to blame

According to German news site heide.de, the attackers gained access to the hospital’s IT systems via a security hole in Citrix VPN software known as “Shitrix.” It is believed that this could have happened months ago. That said, the whole shutdown of the hospital’s servers was likely planned in advance. The cyberattack was carried out with the help of a critical security vulnerability, identified as CVE-2019-19781, first reported in December 2019. The compromise of the systems involved adding a backdoor; as a result, installing software updates with patches fixed the vulnerability but didn’t get rid of the backdoor. Using this backdoor, the attackers worked their way deeper into the system over the next few months. Companies that didn’t identify the malicious code were compromised later, resulting in encrypted files on the entire network.

Ransomware operators get more and more aggressive and greedy

In 2020, ransomware operators have gone way too far in their greed for money: targeting extremely sensitive data, they seem to have no conscience. While in the past they only locked the computer’s screen or encrypted personal files, nowadays they steal private information from individuals and companies and threaten to publish it online. While these cybercriminals previously focused mainly on home users, nowadays their primary targets are large companies that are willing to pay hundreds of thousands to keep their and their customers’ private data safe. The appearance of Ransomware-as-a-Service, as well as partnerships between the largest cybercriminal gangs resulting in cartels, such as Maze, Sodinokibi, Ragnarok, or LockBit, has given a whole new perspective on the evolution of malware and Internet crime. It is known that healthcare institutions are among the top targets for cybercriminals, as these facilities cannot afford delays when lives must be saved. However, human lives do not seem to be of concern to ransomware operators.