March 31, 2016
Hospital Hit With Cyber Attack; New Ransomware Appears
Yet another medical facility has been hit with a suspected ransomware attack. The latest victim is MedStar Health, a healthcare provider in the Maryland and Washington, D.C. area.
While it hasn’t been confirmed if the virus was ransomware, it seems likely it was the culprit. According to a statement on MedStar’s Facebook page, they were hit with a virus early Monday morning. “MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organisation. We are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised. The organisation has moved to back up systems [and] paper transactions where necessary.”
While the facility says they are open information wasn’t compromised, according to the Washington Post, they had to turn patients away. A patient originally scheduled for a Monday appointment was rescheduled to Tuesday, which was cancelled as well. As of today, systems reportedly remain down and patients are still being turned away.
This is the latest in an alarming trend of hospitals hit with cybersecurity attacks. In February, the Royal Berkshire Hospital was forced to postpone a number of operations due to a virus. Although the hospital couldn’t confirm whether the virus was a ransomware attack, GetReading reported that the virus was ‘a variant of a known XP virus designed to disrupt services: it came in as an attachment to an email.’ Although the RBH was able to recover without compromising patient data, it still caused a period of costly downtime - not ideal for a cash-strapped NHS.
Additionally, we saw an attack on Methodist Hospital just last week, which sent them into an “internal state of emergency”. In February, an attack at Hollywood Presbyterian was even more damaging, forcing the hospital to pay a ransom of $17,000 (£11,890) to regain access to their files.
Hospitals are ideal targets, as we highlighted in a recent blog post. According to Jerome Segura of Malwarebytes Labs, hospitals are ideal targets for these attacks because “Their systems are out of date, they have a lot of confidential information and patient files. If those get locked up, they can’t just ignore it.” The Royal Berkshire Hospital in Reading, for example, is still using XP.
New Ransomware Strain
Unfortunately, there’s more bad news on the ransomware front. According to Trend Micro, Petya is the latest form of ransomware to pop up.
Petya overwrites the master boot record, leaving their operating system in an unbootable state. The virus is delivered via email, designed to look like an applicant seeking a job. The email contains a hyperlink to Dropbox to download a resume.
The current going rate for Petya’s ransom is .99 Bitcoins or roughly £287. According to PC World, the attacks are currently targeting companies in Germany, but could soon grow to a global scale. The UK has been relatively unscathed so far, but it’s only a matter of time.
Of course, there are some steps you can take to prevent compromising your data. With a business continuity and disaster recovery (BCDR) solution, you can restore critical data to a point in time before corruption occurred and avoid paying a ransom. In addition, iDigitalTimes has provided some steps to remove Petya from your computer.