Lawrence Abrams of Bleeping Computer reached out to the operators behind some of the most prevalent ransomware this week. His question was a simple one: “Will you continue to target health and medical organizations during the COVID-19 pandemic?” So far two groups have answered Lawrence’s question–DoppelPaymer and Maze. The threat actors behind the DoppelPaymer ransomware said that if a medical or healthcare organization is mistakenly attacked, they will provide the facility with the decryption key for free. Interestingly, the group added that pharmaceutical companies do not get the same free pass as other healthcare organizations. The spokesman for the group stated that “they earn a lot of extra on panic” and that they “have no wish to support them.” Maze responded similarly, saying that they would stop attacking medical organizations until “the stabilization of the situation with the virus.” Unlike DoppelPaymer, Maze would not confirm if they plan to decrypt medical and healthcare facilities for free if they become infected unintentionally.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in