Skip to main content

2020-013 Ransomware targeting Australian aged care and healthcare sectors

Recently there has been a significant increase in healthcare or COVID-19 themed malicious cyber activity, including targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the ‘Maze’ ransomware.

The Australian Cyber Security Centre (ACSC) is aware of recent ransomware campaigns targeting the aged care and healthcare sectors. Cybercriminals view the aged care and healthcare sectors as lucrative targets for ransomware attacks. This is because of the sensitive personal and medical information they hold, and how critical this information is to maintaining operations and patient care. A significant ransomware attack against a hospital or aged care facility would have a major impact.

The ‘Maze’ ransomware is designed to lock or encrypt an organisation’s valuable information, so that it can no longer be used, and has been observed being used alongside other tools which steal important business information. Cybercriminals may then threaten to post this information online unless a further ransom is paid. This is especially effective in the aged care and healthcare sectors.

Recommendations

If Australian organisations are infected by the Maze ransomware, they should seek assistance in the first instance from the ACSC via 1300 CYBER1. We encourage reporting cyber security incidents to enable the ACSC to alert and assist a broader range of organisations, and understand the scope and nature of cyber intrusions.

Read the ACSC advice on mitigating the threat of ransomware. Keeping software up to date and having current backups stored offline is the best way to protect your organisation from a ransomware attack.

Never pay a ransom demand

We recommend you do not pay the ransom if affected by the Maze ransomware. There is no guarantee paying the ransom will fix your devices, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.

Identify and backup critical information and systems

Backing up and restoring your files offers peace of mind and makes it faster and easier to get up and running again following a ransomware attack.

Keep your systems and software up to date through regular patching

All your personal or business devices including your phone, tablet, computer or laptop use software to run, such as operating systems like Microsoft Windows or Apple MacOS; and antivirus, web browsers or word processors at work. Read more about patching software.

Use antivirus software and keep it up to date

Install antivirus software on all devices and set the software to automatically check for updates on a daily basis.

Further information

Further information on the Maze ransomware can be found at:

Contact details

If you have any questions regarding this guidance you can contact us or phone 1300 CYBER1 (1300 292 371).