Earlier this month, we explored the who, what, when, where and why of ransomware. To recap, ransomware is a type of malware designed to maliciously block or limit user access to a computer system or until a ransom is paid in exchange. Ransomware infections are considered by some to be the modern, digital hostage.
The Case
In this post, we’re going to explore a ransomware case that occurred fairly close to home. On March 18, 2016, Methodist Hospital in Henderson, Kentucky declared an Internal State of Emergency and embedded a scrolling red alert on its homepage with the following looped message:
“Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web-based service. We are currently working to resolve this issue, until then we will have limited access to web-based services and electronic communications.”
What followed was a five-day, FBI-led investigation and a relentless pursuit to uncover the locked files.
Using the “Locky” strain of malware, the virus initially entered into the hospital’s internal network through one machine. From that entry point, the infection then spread into the entire internal network. Once present in Methodist Hospital’s computer network, it essentially voided all precautionary network security support, which led the hospital to take extreme measures.
Considering the urgency of the situation, the hospital reportedly considered paying the hackers the requested ransom in return for the key — four bitcoins, or about $1,600. Thankfully, along with the help of the FBI, Methodist Hospital officials were able to regain access to the previously locked files.
“We essentially shut our system down and reopened on a computer-by-computer basis,” David Park, an attorney for the Kentucky healthcare center, said.
Although Methodist Hospital recovered their files without ransom payment, other institutions don’t get so lucky.
Nationwide Trends
Former NSA employee, and Carbon Black Co-Founder and Chief Security Officer, Ben Johnson, said that there is an important trend to note among recent ransomware attacks. He says oftentimes healthcare institutions will pay the ransom payment to get back online quickly, so confidentiality among patient records isn’t compromised. Johnson refers to this segment as the “sweet spot.”
“Ransomware has done its market research and found its ideal market segment,” Johnson said. “Last year, it was that all your health records will be stolen, this year it’s that you’ll be in the hospital and all the systems will fail.”
How ABR can help
At ABR Systems Group, we’re here to provide your business with IT strategy consulting to strengthen your network security in the case of an attack. Take that next step and call ABR Systems Group to schedule a consultation today. Our small business IT consulting in Bowling Green, Ky. is here to help.
