The Times Magazine 35Some cybercriminals posed as legitimate
purveyors of PPE, taking millions of dollars
in fraudulent pre-payments for protective
equipment that never arrived. In other
cases, they used the urgency of the pandemic
to request that wire payments be moved
up and account information changed
“due to the coronavirus outbreak and
quarantine precautions”.
Cybercriminals exploited government
stimulus payments, unemployment loans and
benefits to trick agencies into transferring
millions of dollars earmarked for small
businesses to criminals’ own accounts. They
seized on the need for a dispersed workforce
to access employer systems and data remotely.
In a series of extortion attacks, cybercriminals
threatened to deluge victims with web traffic,
cutting off customers’ and employees’ access
to their online services, in exchange for a
hefty payment. Among the more high-profile
targets was Travelex, the British foreign
exchange company. In some cases, these
cybercriminals demanded 20 bitcoin – more
than $1 million at today’s rates – to leave
these victims alone. And when victims
refused to pay, hackers turned up the pressure,
increasing ransom demands by ten bitcoin
each day unpaid.
Ransomware attacks became our new norm.
Schools, electricity and energy companies,
retailers and – perhaps most distressing of
all – hospitals found their systems and data
held hostage at dizzying speeds. During the
pandemic, cybercriminals cut the time it took
from their initial entry to holding an entire
organisation’s network for ransom to under
45 minutes. The attacks upended the lives of
doctors, nurses and patients across the UK
and the US and became their own kind of
pandemic, as Russian cybercriminals shut
down clinical trials and treatment studies
for a coronavirus vaccine and held hostage
Universal Health Services, a major hospital
chain with more than 400 locations across
the US and UK.
In New England, healthcare workers at the
University of Vermont Medical Center found
that they could not give cancer patients
chemotherapy infusions because the hospital’s
electronic medical record system had been
wiped out. Some tried to recall complicated
chemotherapy protocols from memory. Nurses
described the situation as “dire”. One compared
the attack to working in the burns unit of a
hospital after the Boston marathon bombing.
The attacks on hospitals and healthcare
organisations became so frequent that inMay, the UK’s National Cyber Security
Centre (NCSC) and the US Cybersecurity
and Infrastructure Security Agency (CISA)
jointly warned the sector that the attacks had
become so unyielding – the culprit was stolen
passwords – that there was only so much
government officials could do.
“We can’t do this alone,” warned Paul
Chichester, the NCSC’s director of operations.
By July, these attacks were no longer
the work of cybercriminals with stolen
passwords. That month, Chichester again
sounded the alarm after hackers, believed
to be Russian, were caught using never-
before-seen bespoke tools to break into the
organisations leading vaccine research and
development in the UK, Canada and the US.
He described these as “despicable attacks
against those doing vital work to combat
the coronavirus pandemic”.
Over that same period, China also emerged
as one of the most prolific hackers of vaccine
research and development. Last May, the
FBI and CISA jointly accused Chinese hackers
of “attempting to identify and illicitly obtain
valuable intellectual property and public
health data related to vaccines, treatments
and testing from networks and personnel
associated with Covid-19 related research”.Some cybercriminals posed as legitimate purveyors of PPE. Ransomware attacks
on health systems shut down clinical trials for a coronavirus vaccine
FBI agent Michael Christman (far right)
announces charges against six Russian
officers suspected of cyberattacks