US Treasury Warns Of Ransomware Targeting COVID-19 Vaccine Research

The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warned financial institutions of ransomware actively targeting vaccine research organizations.

“FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines,” the US Treasury Department bureau warned [PDF].

The warning was published the same day the US Food and Drug Administration (FDA) issued two emergency use COVID-19 vaccine authorizations.

FinCEN also held a virtual exchange in November with representatives from financial institutions, technology firms, and federal government agencies to discuss rising concerns regarding ransomware.

It also issued a ransomware advisory [PDF] in October on the use of financial systems to facilitate ransom payments following ransomware attacks.

The same day, the Office of Foreign Assets Control (OFAC) warned organizations assisting victims to make ransom payments that they are facing sanctions risks as their actions could violate regulations.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

COVID-19 vaccines targeted by fraud and cyber-crime

The financial intelligence unit also warned of fraudsters and criminals using the public’s interest in the COVID-19 vaccines and their distribution to their advantage.

“COVID-19 vaccine fraud may include the sale of unapproved and illegally marketed vaccines, the sale of counterfeit versions of approved vaccines, and illegal diversion of legitimate vaccines,” FinCEN added.

“Already, fraudsters have offered, for a fee, to provide potential victims with the vaccine sooner than permitted under the applicable vaccine distribution plan.

“Financial institutions and their customers should also be alert to phishing schemes luring victims with fraudulent information about COVID-19 vaccines.”

This warning comes after similar ones issued by US federal agencies, the Food and Drug Administration (FDA), the Federal Trade Commission (FTC), DHS-ICE, INTERPOL, and Europol during the last two months.

Over 275,000 Americans have reported financial losses of more than $211 million due to COVID-19-related scams this year according to the FTC.

Also Read: Limiting Location Data Exposure: 8 Best Practices

Threat actors including nation-state hackers [1, 2] have also targeted organizations associated or involved in the COVID-19 vaccine cold chain and research throughout the year.