In another series of attacks on COVID-19 research, an attacker disrupted Dr. Reddy’s servers in India, Brazil, Russia, the United Kingdom and the United States. Headquartered in India, Dr. Reddy’s has connections with other major pharmaceuticals in the US and Europe. While we saw previous attacks on hospitals and research centers, this attack for the first time targeted a large pharmaceutical company researching and distributing a COVID-19 vaccine. Curiously, this attack happened just days after it gained approval for trials of Russia’s final-stage trials of the Sputnik V COVID-19 vaccine. These trials were part of an agreement for 100 million doses of the vaccine in India.
Dr. Reddy’s CIO indicated they needed 24 hours to bring their services back online following this disruption:
“In the wake of a detected cyber attack, we have isolated all data center services to take required preventive actions. We are anticipating all services to be up within 24 hours, and we do not foresee any major impact on our operations due to this incident.”
Cyber criminals do not impose restrictions on their targets. In a Forbes article, many cyber criminals claimed they won’t hack the healthcare system but this didn’t stop others who take advantage of the situation. COVID-19 research creates high-value targets for ransomware while concerns over the economy mean fewer resources for safeguarding this research.
Dr. Reddy’s avoided serious harm to the company as far as we can tell. While you can’t substitute a strong firewall and endpoint protection, you can increase your cyber-security strength without significant costs by reviewing previous attacks. This Cybersecurity and Infrastructure Security Agency (CISC) page on Ransomware provides educational resources and examples of ransomware you can use to learn how to watch for it. You can also search on “ransomware email” using any search engine to bring up many examples of ransomware emails. Both available completely free. Again, this doesn’t substitute for actual security hardware and software, but it doesn’t cost anything but a little time to learn.