It's common knowledge that hackers are highly opportunistic and certainly not above targeting children, the sick and the dying if there's money to be made.
Even so, attacking a drug company currently doing research to find a vaccine for COVID-19 has to be counted as a new low, even for hackers. Sadly, that exact scenario has happened.
Recently, Hammersmith Medicines Research LTD (HMR) sent out a notification informing their patients and clients that they had been the victim of a ransomware attack. Worse, when the company refused to pay the ransom, the hacking group published some of the data they stole on the Dark Web in a bid to pressure the company to pay up.
HMR's statement reads, in part, as follows:
"We are sorry to report that, during 21-23 March 2020, the criminals published on their website records from some of our volunteers' screening visits. The website is not visible on the public web, and those records have since been taken down. The records were from some of our volunteers with surnames beginning with D, G, I, or J."
The statement goes on to detail the data that was compromised, which includes the names and dates of birth of some of their volunteers, identifying documents, their answers to health questionnaires, signed consent forms, information from doctors, and some test results.
Unfortunately, this is a sufficient body of information to steal an individual's identity. So if you're one of the company's volunteers, and you haven't been contacted by the company yet, be aware that your personal information may have been compromised.
These are dark days, and hacking groups around the world seem content to carry on as though there's not a global pandemic raging. While HMR may have been the first to fall victim to hacking activities during the pandemic, they will almost certainly not be the last, and that is unfortunate. The hackers, after all, need the vaccine as much as the rest of us.