
Fatal Hospital Hack Linked to Russia

A cyber-attack that caused a German hospital to refuse treatment to a woman who subsequently died has been linked to a Russian ransomware gang.

Attackers struck Düsseldorf University Clinic (DUC) on the night of Thursday, September 10, gaining access by exploiting a vulnerability in some commercially available Citrix software.

The hospital's IT systems crashed as a result, and patients seeking urgent care were diverted to another hospital 20 miles away in Wuppertal. A woman who had to seek urgent care elsewhere because the digitally besieged DUC was unable to treat her later died.

A spokesman for the responsible public prosecutor's office at the Cybercrime Central and Contact Point (ZAC) said the investigation into the suspected negligent homicide of a patient is ongoing. 

According to a report published today in German newspaper Aachener Zeitung, the cyber-attack on the DUC was carried out using crypto-locking DoppelPaymer malware. 

First observed in April 2019, DoppelPaymer is a form of ransomware that is believed to have originated from Russia.

"DoppelPaymer is a fork of BitPaymer, and BitPaymer was attributed to Evil Corp, which has been sanctioned by the US and has ties to the Russian Government," said Emsisoft's Brett Callow. "The nature of the relationship between DoppelPaymer and Evil Corp is not clear, but some cooperation has been observed." 

DoppelPaymer uses virus-themed email subject lines to attract victims. Like ransomware thugs MAZE, its operators extort money from victims by encrypting and exfiltrating their data and threatening to sell and/or publish sensitive information on the darknet.

News that DoppelPaymer was deployed in this tragic attack was included in a report to the German state parliament's legal committee and announced earlier today by the Ministry of North Rhine-Westphalia. 

An investigation into the cyber-incident by German authorities found that hackers smuggled a "loader" into the server at the DUC, possibly months before the next phase of the attack was carried out.

On the night of September 10, the criminals caused encryption software to be downloaded, infecting 30 servers at the DUC. 

The hospital's IT systems remain disrupted in the wake of the attack, threatening the safety of other people seeking urgent treatment. Emergency room services are expected to be restored this week. 
