Locky Ransomware Perpetrators Ramp Up Efforts to Attack Hospitals
Ransomware has been a serious nuisance in the past couple of years. In recent cases of ransomware threats and attacks, computer users are left with very few options due to the aggressive nature of emerging ransomware threats to encrypt data on an infected computer. In light of the successful ransomware attack on the Hollywood Presbyterian Medical Center in February, ransomware perpetrators are taking the high road to attack other hospitals in an attempt to extort thousands of dollars from helpless hospital IT administrators.
In February of this year, the Hollywood Presbyterian Medical Center was attacked by an aggressive form of ransomware that encrypted the data on their systems. During the attack, the systems were shuttered, and proper healthcare of countless patients was put on hold. To quickly rectify the situation, the Hollywood Presbyterian Medical Center IT staff took it upon themselves to pay the ransom fee to ultimately decrypt their data and restore operation to their computer systems so they may access patient data and provide proper care for them.
Because of the Hollywood Presbyterian Medical Center paying the ransom, the cybercrooks who are behind recent encryption-type ransomware threats have taken note and are now seeking other hospital facilities to attack in hopes they will follow suit and pay the ransom also. At the time of the Hollywood Presbyterian Medical Center ransomware attack and resolution, the IT administration of the hospital made the choice to pay $17,000 to decrypt their data. With such a large lump sum paid at once, ransomware perpetrators are seeing several dollar signs gleaming in their eyes through attacking other hospitals.
Because hospitals are prone to paying the ransom fee to get their systems back online and provide proper patient care, ransomware perpetrators are attacking several hospitals around the world. First up, is the Whanganui District Health Board in New Zealand where they were hit with the Locky Ransomware threat. Fortunately, the New Zealand hospital was still able to operate despite the Locky infection contaminating some of their systems.
Next, two German hospitals, Lukas Hospital in Neuss and Klinikum Arnsberg hospital in North Rhine-Westphalia, were hit with ransomware making the staff resort to using pen and paper to provide proper patient care.
Bringing things back to the United States, ransomware perpetrators hit the Methodist Hospital in Henderson, Kentucky, which caused them to declare an "internal state of emergency" after the Locky Ransomware threat took hold of their systems. Additionally, the MedStar Health hospital chain and the Alvarado Hospital Medical Center in San Diego, CA succumbed to the Locky Ransomware threat.
In a few other cases of ransomware infiltrating systems at hospitals, ones in Chino Valley and Desert Valley, California came under attack but they were able to isolate the ransomware-infected systems so they may still provide proper care for their patients. The latest rash of ransomware attacking hospitals was at the King's Daughters' Health Hospital in Madison, Indiana, also attacked by the Locky Ransomware threat.
For many obvious reasons, the many hospitals are under attack from ransomware cybercrooks. Whether or not the hospitals should pay the ransom fees to restore operation comes down to providing the IT staff with the proper training in dealing with ransomware infections. In many situations training would permit isolation of a ransomware threat or complete avoidance, which would allow an attacked hospital to retain proper care of their patients.
For now, the US-CERT (United States Computer Emergency Readiness Team) is issuing alerts for hospitals to stay alert and vigilant of ransomware threats, which may primarily spread through spam email messages.