The government’s Centre for Cyber-Security (CCB) has issued a warning to hospitals in Belgium to take precautions to avoid being the victim of cyber-attacks.
The new coronavirus (Covid-19) pandemic has given an impetus to cyber-criminals to take advantage of the situation to carry out their crimes. The criminals are able to exploit a general sense of confusion and over-worked hospital personnel to turn the emergency to their own profit.
The most common form of cyber-crime at the moment is ransomware. It works as follows:
The criminal sends a link via email or social media, which if clicked on by someone who is not aware of the danger will cause a tiny piece of software to be downloaded which then takes over the computer of the user.
Typically, the user then receives a message that their computer and all of its files have been blocked. The only way to unblock the computer is to pay a ransom, sometimes in bitcoin, to a given address. In some cases, there is a deadline at which point the computer’s files will be irreversibly deleted.
Ransomware is effective because most computer users are lax regarding security, and because social media has conditioned us to click on links without checking the origin. It is also a simple method for criminals to use.
In recent months, the problem has been used against industrial companies like Picanol in West Flanders, and the administration of Willebroek commune in Antwerp province. In both cases the system was shut down for days while the problem was resolved. Undoubtedly there have been other cases where the ransom was paid without a word of publicity.
“Our Computer Emergency Response Team monitors everything that goes on in Belgium and other countries,” CCB spokesperson Katrien Eggers told De Tijd. That includes an attack on a hospital in the Czech Republic that was the victim of one attack.
“We have warned the hospitals of the threat. We pointed out to them the latest advice on how to protect themselves from ransomware attacks.”
That advice applies to hospitals as well as other business and personal computers: use anti-virus software on all machines; use Virtual Private Networks (VPN) to access the internet; limit administrator privileges to a few experts; update software regularly; make back-ups in a safe location and keep staff informed about good digital hygiene.