newspaper-fold Covid-19 Threat Intelligence Blog

Pandemic Intel week 39: Big Game Hunting Ransomware TTPs Create Threat to Human Life

September 22, 2020


Key Findings
  • Big Game Hunting Ransomware TTPs Create a Threat to Human Life.
  • Vaccine Data Remains a High Value Target.
  • Businesses With Continued Support for Remote Work Face Greater Risk of Cyberattack.

Demonstrated Shift In Ransomware TTPs Drives Further High-risk To Hospitals And Health Care.

A Ransomware attack targeted The Dusseldorf University Hospital in Germany, forcing the hospital to reroute inbound patients and reduce operations. One person has died possibly because of the attack’s effect on hospital operations. An investigation is ongoing. Ransomware operators demonstrate a clear and continued shift in strategy towards Big Game Hunting TTPs (Tactics, Techniques, and Procedures), where they actively target organizations in high-value/critical industries more likely to pay ransoms. This is perhaps the first instance of ransomware directly impacting human health.

The threat from ransomware remains high despite an overall decline in ransomware payload detections during the first six months of 2020. Ransomware has declined significantly in relation to all malware payloads detected via phishing. The remaining positive ransomware detections in the first half of 2020 represent a clear, continued shift in ransomware attack patterns to Big Game Hunting TTPs. Phishing represents one of the most popular delivery vectors for ransomware historically. 


Vaccine Data Experiences Continued High-Risk of Cyberattack Exposing its High-Value.

Chinese hackers have possibly stolen data from research centers in Spain that are working on a Covid-19 vaccine. The head of Spain’s National Intelligence Center (CNI) - Paz Esteban - confirmed attacks against the health and pharmaceutical industry.

Spain ranks among the top-10 countries with 671.000 Covid-19 cases. The country runs 10 vaccine projects, and clinical trials started in Spain 14th September. Threat actors will probably intensify cyber-espionage campaigns as Covid-19 research advances to its final stages.



Businesses That Support Remote Work Environments Face Greater Risk to Cyberattack Than Those Resuming ‘Normal’ Operations.

Brute-forcing unsecured RDP endpoints remains a major infection vector for cybercriminals. Due to increased remote working, RDP enabled devices that are exposed to the internet rose by 40% since the pandemic began. RDP attack volume peaked in approximately March-April 2020, but exposed remote systems remain at very high risk of attack as indicated by new data.

Clicking on phishing links and providing credentials observed to be three times higher than before Pandemic. This threat is especially high to remote workers who may be working outside of normal security controls and defenses. Although current attack activity volumes are lower than earlier in the pandemic, remote workers remain at higher risk of exploitation compared to those under ‘normal’ work environments because of underdeveloped security practices that support remote environments.

Many organizations are standing up to new challenges to support remote environments. If companies need to continue to support these environments for their workforce, they should adhere to strict security standards in order to reduce the risk of cyberattack.


As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 27th report in a weekly series of updates to inform of important developments to COVID-19-themed attacks.

3 more posts you might like