Ransomware is a powerful resource used by malicious agents to blackmail individuals and organizations for a ransom. And with bigger, more important victims, the criminals could get heftier rewards, right?
The logic behind this statement makes sense. If a malicious party successfully attacks a powerful institution, in charge of sensitive or critical activities, the criminal may have some additional leverage to obtain a larger ransom.
For many years, cybercrime has caused billions in losses. The society, along with its businesses and public institutions, was paying for those financial blows. But things are changing as technology becomes more of an intrinsic element in our lives.
Life loss was something unthinkable as a consequence of cybercrime, until now. Cyberattacks are evolving at their core. Human lives are truly at stake now, despite how dramatic this may sound.
The German Case
Malicious actors, particularly ransomware operators, have stated since the beginning of the ongoing pandemic that they would leave healthcare providers, such as hospitals, alone. They would look for victims at other places. However, accidents can happen.
On September 10, the University Hospital of Düsseldorf suffered a cyberattack that disabled critical systems. The ransomware attack targeted a Citrix ADC CVE-2019-19781 vulnerability that shut down the hospital’s infrastructure on different levels.
As a result, a woman that was hospitalized at the facilities had to be sent quickly to another hospital, one that is 20 miles away. Due to her condition, she died.
As the authorities investigate the case and legally consider it a homicide, the malicious party responsible left a ransom note suggesting that the ransomware software was used directed to the Heinrich Heine University and not the affected hospital.
If the ransom note reflects the truth, it may mean that the attack was misdirected, a mistake that ended up affecting an essential facility and causing a civil casualty.
Cyberwarfare and Our Expectations
As the terms “cyberwarfare”, “state-backed espionage”, and “cyberterrorism” become more common, we cannot simply ignore the potential threats to be seen in a not-so-distant future.
Cyberattacks have the power to cause life loss in many ways. The German case may be the first time that ransomware is involved in a person’s death. Unfortunately, we cannot be sure that this situation will not happen again.
Cyberwarfare is a new reality that slowly develops in front of us. Governments all over the world and their operators are using cyberattacks to inflict damage to their enemies’ infrastructure. As technology becomes an essential part of managing cities and nations, the risk grows bigger.
There are other dimensions of this challenge to be considered. Back in May 2019, we witnessed the first real-time physical response to a cyberattack, one that resulted in life loss. The Israel Defense Force carried out an airstrike on a building where suspected HAMAS threat agents were operating. The number of deaths is unknown but the situation alone was shocking and scary enough to draw the cybersecurity’s community attention.
The German case is another chapter in this story. Yet, the solution isn’t to stop technology’s integration to our society as it provides extraordinary perks in quality of life and overall progress.
Instead, the real solution is to fight the threats back with robust cybersecurity solutions.
Healthcare facilities all over the world, especially after witnessing this awful event, will most likely evaluate their options to protect their systems. Even if malicious agents make public promises of leaving hospitals alone during these difficult times, this should not be reason enough to keep their infrastructure unprotected.