A German firm supplying SARS-CoV-2 antigens for medical researchers working on finding a cure for COVID-19 has been hit with malware.
For two weeks now, Miltenyi has been struggling to fight off a cyberattack. It is still suffering from loss of phone and email communication.
In an official statement, Miltenyi said it was taking the right measures to handle the situation. They mentioned their customers and partners have not been impacted. The threat actors successfully tampered with the order processing system and caused some communication issues to arise.
At this time, the malware used has not been disclosed by Miltenyi officials, but the attack is suspected to be the work of the Mount Locker ransomware group. Unfortunately, the decryption keys for the type of ransomware that Mount Locker deploys are not free, and any information that has been stolen may already be leaked or require a payment for recovery.
Mount Locker is four months old, and this threat group is already demanding multi-million-dollar ransoms, stealing data from corporate networks before encrypting them with ChaCha20 + RSA-2048.
An important takeaway from this particular incident is the increase in attacks on companies working on a coronavirus vaccine. Threat actors are usually financially motivated, and the companies and laboratories have received copious amounts of compensation for their potential deployment of the vaccine.
Earlier this year, reports of this type of malicious activity were filed. In October, a manufacturing laboratory contracted to create Russia’s COVID-19 vaccine had to shut down its plants in Brazil, India, the U.K. and the U.S. Likewise, in July the U.S. Department of Homeland Security warned about a Russian threat group trying to steal COVID-19 information from any available resources. Moderna, another leading vaccine manufacturer, has also been spied on by Chinese-sponsored threat groups, according to the U.S. Justice Department.
These companies are huge targets because the world is running a marathon to find a cure for this virus that has caused a global pandemic. Threat actors know countries around the world have paid trillions of dollars to companies to produce and deploy the vaccine. With this information, threat actors looking for a payday will likely demand a significant ransom.
As we have mentioned before, threat groups prey on trends and current events. The current state of the world is a threat actor’s dream because of the continuous attention paid to COVID-19 itself and, now, the increasing potential payout as a vaccine gets closer to being finalized and deployed.
No matter what trending topic is affecting the cyber threat landscape, SpearTip engineers are ready to defend 24 hours a day. We will continue to stay on top of the latest news concerning coronavirus threats because our cybersecurity experts are always attentive to malware and manipulative programs. We do this by building cases on the threat groups, like Mount Locker, that are encountered on a daily basis. Our Security Operations Center (SOC) is complete with certified security engineers to monitor and protect your environment.
Not only are we continuously preventing cyberattacks, but we can also deploy our proprietary tool, ShadowSpear®, in your environment before or after an attack.