Fresenius SE & Co. KGaA, Europe’s largest private hospital operator, has been hit by ransomware that has limited the use of some of its systems as it treats COVID-19 patients.

The company, which also holds a 40% share of market for kidney dialysis in the U.S. — COVID-19 patients sometimes suffer kidney failure and require dialysis — was targeted by Snake ransomware, according to security expert Brian Krebs today.

Snake ransomware as first detected in January and was said at the time to contain a higher level of obfuscation than is typical of previous forms of ransomware. Snake removes a targeted computer’s Shadow Volume Copies and then kills numerous processes related to SCADA (short for supervisory control and data acquisition) systems, virtual machines, industrial control systems, remote management tools, network management software and more. It then proceeds to encrypt the files across all connected devices.

The size of the infection at Fresenius is not entirely known but systems in the U.S. are said to be infected. The company itself confirmed the attack, saying in a statement that it “has detected a computer virus on company’s computers in a number of areas.”

“As a precautionary measure in accordance with the security protocol drawn up for such cases, steps have been taken to prevent further spread,” the company said. “Nevertheless, our production continues, with certain limitations. Also our patient care continues. Our hospital business, for example, is not affected at all.”

Despite cybercriminals urging others to not take advantage of the COVID-19 pandemic to target hospitals and other healthcare providers, the opposite has occurred, with repeated attacks.

“As expected, the purported ceasefire on healthcare providers by ransomware operators has proven short-lived,” David Jemmett, founder and chief executive officer of information technology services management company Cerberus Sentinel, told SiliconANGLE. “Rather than being rooted in any sort of altruism, the attackers were simply waiting for the optimum time to strike — when Fresenius was under immense strain as it attempted to meet the demands onset by the COVID-19 pandemic. This should act as a lesson to other healthcare providers and industries.”

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, noted that the incident is a “colorful validation of the U.S. Federal Bureau of Investigation’s warning not to pay ransom.”

“Reportedly, Fresenius has already paid a seven-digit ransom in the past to recover from a similar attack,” Kolochenko explained. “Obviously, such a generous payment did not leave unscrupulous cybercriminals indifferent. Instead, they quickly exploited the windfall and perfidiously re-raided this susceptible victim amid the crisis.”

Javvad Malik, security awareness advocate at security awareness training company KnowBe4 Inc., said that it’s especially unfortunate that during a pandemic criminals are attacking and crippling systems belonging to hospitals and other medical facilities.

“It’s important for organizations to not slow down in their cybersecurity efforts,” Malik said. “This includes a layered approach to make it difficult for attackers to target systems, providing security awareness and training to employees to identify phishing emails and having robust threat detection and response capabilities.”

Photo: Fresenius