In yet another large-scale ransomware attack, Henderson, Kentucky-based Methodist Hospital has announced an “internal state of emergency,” according to Krebs on Security, after numerous files on its computer systems were encrypted. Ransomware holds the affected documents hostage until the victim pays, hence the name.
As reported by the hospital’s information systems director Jamie Reid, the ransomware in question is “Locky,” which left thousands of Microsoft Office customers at risk just last month.
It works like this: the malware encrypts the files on an infected host, including pictures and documents, and then erases the originals. Victims can either pay the perpetrator a ransom or restore the original files from a backup, assuming the backup is not on the same network as the infected computer.
In Methodist Hospital’s case, the ransomware attempted to move from one computer system to the entire network and, in turn, ended up compromising a number of different systems. As a result, the hospital was forced to shut down every computer on the network and bring them back one by one after individually vetting each for signs of infection.
“We have a pretty robust emergency response system that we developed quite a few years ago,” boasted David Park, an attorney for the Kentucky healthcare center, “and it struck us that as everyone’s talking about the computer problem at the hospital maybe we ought to just treat this like a tornado hit, because we essentially shut our system down and reopened on a computer-by-computer basis.”
Unlocking the files by paying the ransom would cost the hospital a total of four bitcoins, equivalent to $1,600 in US dollars.
The hospital has yet to decide how it will respond to the threat.
“We haven’t yet made [a] decision on that, we’re working through the process,” Park explained. “I think it’s our position that we’re not going to pay it unless we absolutely have to.” The biggest concern arising from the attack, Park added, is that all operations are now handled on paper while the hospital awaits a final decision.
“We have downtime procedures to going to paper system anyway, so we went to that paper system,” he admitted. “But we don’t feel like it negatively impacted patient care. They didn’t get any patient information.”
Let’s hope the hospital finds a workaround promptly, as giving the ransomware attackers exactly what they asked for could expose other similar institutions to additional attacks.