Methodist Hospital in Henderson, KY, declared a state of emergency after encryption-based ransomware infected its computer systems, according to Tech Times. The perpetrators demanded four bitcoins which is equal to about $1,600 in exchange for providing the hospital a key to enable access to the locked files.
The attackers used a new type of ransomware called Locky, which encrypts the files and then deletes the original versions. The hospital shut down its working computers temporarily to prevent further infection, scanned them for encryption, then restored them once it was determined they were not infected.
To regain access to files encrypted with Locky malware, it is necessary to either restore the file from a backup or pay the ransom. It is possible to restore the file if the backup does not exist on a network that someone can access from an infected PC.
Attack Lasts Five Days
The attack began Friday, March 18, and lasted five days, according to HealthcareITNews. The hospital declared an internal state of emergency and posted this to their website:
“Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based services. We are currently working to resolve this issue, until then we will have limited access to web-based services and electronic communications.”
Paying Ransom a Last Resort
David Park, an attorney for the hospital, said any decision to pay the ransom depended on how many records were locked. He said paying the ransom would be the last resort.
The hospital website had no mention of the attack on its website today.
When Hacked contacted the hospital today, Sunday, to ask about the attack, the receptionist said no one was available for comment. The receptionist volunteered that the hospital probably would not provide any further information about the incident.
The attackers sent spam mail that referred to invoices calling for recipients to open an attached file, according to KrebsOnSecurity.
The FBI is investigating the attack but declined to comment. In a January report, the FBI said there has been an increase in ransomware attacks recently against institutions and businesses.
Ransomware Attacks Against Hospitals Rising
Hollywood Presbyterian Medical Center in Los Angeles suffered a similar attack, CCN reported last month. In that attack, hospital executives paid $17,000 worth of bitcoin to hackers, according to HealthcareITNews.
Last week, attackers disabled four computers at Ottawa Hospital. Officials said they did not pay the ransom since they had the data backed up.
The Institute for Critical Infrastructure Technology noted that in 2016, ransomware will “wreak havoc” on the country’s infrastructure community since it has become so prevalent. The report said criminals are using price calculations and social engineering to target low-risk, high-reward victims.
Featured image from Shutterstock.