Dive Brief:
- Global biotech company Miltenyi Biotec disclosed "isolated cases where order processing was impaired by malware" in its IT infrastructure in the last two weeks, according to a company announcement.
- Germany-based Miltenyi, which is aiding in coronavirus research, has been able to contain and recover the affected systems. "Based on our current knowledge, we have no indication that the malware has been inadvertently distributed to customers or partners," the company said.
- Operations are restored and the company does not expect delays in manufacturing or distributing orders.
Dive Insight:
Miltenyi didn't say what malware strain it found in its systems, but ransomware has been particularly devastating in the healthcare industry this year. Of the ransomware attacks tracked by Cybersecurity Dive between Dec. 31, 2019 and September 2020, 39% targeted healthcare.
"The group behind Mount Locker ransomware claimed to have breached Miltenyi Biotec on Nov. 3," said Allan Liska, senior security architect at Recorded Future. "Unfortunately, healthcare providers continue to be a prime target for ransomware actors as the pandemic rages."
Mount Locker appeared in July and follows the same extortion model pioneered by Maze, publicly leaking stolen data if the ransom isn't paid, according to Bleeping Computer. "Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key," security researchers told the publication. The strain appends a .ReadManual.ID extension to each encrypted file, so that when a user opens one of them the ransom note, named RecoveryManual.html, is loaded.
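The two file-system indicators named above (the appended .ReadManual.ID extension and the RecoveryManual.html note) are the kind of thing an incident responder sweeps a share for during triage. The following is an added example for that sweep, not code from the article, Recorded Future or Bleeping Computer; it assumes the ID segment is a run of hexadecimal characters and builds its own throwaway sample tree.

```python
"""Triage scan for the Mount Locker file indicators described in the article:
files renamed with a .ReadManual.<ID> suffix and notes named RecoveryManual.html.
Added defender-side example; the hex form of <ID> is an assumption."""
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: <ID> is hexadecimal. The suffix must be the final extension,
# so a decoy like "manual.ReadManual.txt" does not match.
RENAMED_RE = re.compile(r"\.ReadManual\.([0-9A-Fa-f]+)$")
NOTE_NAME = "RecoveryManual.html"


def scan_tree(root):
    """Walk root; return (Counter of victim IDs seen on renamed files, list of note paths)."""
    ids, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
                continue
            m = RENAMED_RE.search(name)
            if m:
                ids[m.group(1).upper()] += 1
    return ids, notes


def triage(root):
    """Summarise a scan: how many files were renamed, which IDs, how many notes."""
    ids, notes = scan_tree(root)
    return {"renamed_files": sum(ids.values()), "victim_ids": sorted(ids), "notes": len(notes)}


def build_sample_tree():
    """Create a constructed sample directory resembling an affected order share."""
    root = tempfile.mkdtemp(prefix="readmanual_sample_")
    for rel in (
        "orders/2020-11/PO-1001.xlsx.ReadManual.C0FFEE42",
        "orders/2020-11/PO-1002.xlsx.ReadManual.c0ffee42",  # same ID, lower case
        "orders/2020-11/RecoveryManual.html",
        "orders/archive/2019-summary.pdf",                  # untouched file
        "docs/manual.ReadManual.txt",                       # decoy, must not match
    ):
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("constructed sample content")
    return root


if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

Point `triage()` at a mounted share instead of the sample tree; the returned ID list tells you whether one or several affiliate/victim IDs are present before anything is restored.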
In October, the FBI, Department of Homeland Security and Department of Health and Human Services warned the healthcare industry of a widespread ransomware threat, likely the Ryuk or Conti strains. In its write-up of the tactics, techniques and procedures used by Conti, Trickbot and BazarLoader, CISA included additional indicators of compromise and YARA rules for detecting Trickbot.
While CISA initially extended support to the healthcare industry through Operation Warp Speed when COVID-19 hit stateside, the healthcare supply chain is complex, and its smaller players lack the IT and security resources for adequate prevention.
Miltenyi's containment follows a pattern seen among other organizations struck by cyberattacks. "A lot of us saw the press or some of the really nasty, destructive attacks," said Mike Towers, CISO at Takeda Pharmaceuticals, speaking on a panel during Druva's virtual Cloud Data Protection Summit on Tuesday. And while downtime is the primary concern, "the cyber containment part was the shortest part and recovery was the longest part."