January 18, 2018

US Hospital Coughs Up $55,000 to Hackers after Ransomware Attack

A ransomware attack targeting a hospital in Greenfield, Indiana, has seen hackers make away with $55,000.

A Hancock Regional Hospital official has confirmed that a cyberattack involving ransomware struck and compromised the hospital’s IT system. Hackers demanded a ransom payment of 4 bitcoins in return for a decryption key to regain access.

The hospital’s chief strategy officer revealed to a local publication that the hack occurred sometime around 10 PM on Thursday last week and immediately spread to take control of the hospital’s email system, electronic health records and other internal operating systems. The ransomware deployed, as reported by the Daily Reporter, is SamSam, a ransomware variant that targets vulnerable servers and predictably spreads across a network after it is installed on a single machine on that network. SamSam can be deployed through remote access, tunneling, batch scripts that run the malware on multiple machines, and web shells.

The official also stressed that no patient information has been compromised as a result of the intrusion.

He stated:

What we do know is that no patient information has been affected, so at this point, there’s no understanding of any consequence other than our system is being held.

Over 1,400 files were targeted, with each one of their names temporarily encrypted and changed to “I’m sorry.”

The hackers likely gained access by logging in to the hospital’s remote access portal with a third-party vendor’s credentials, according to Hancock Health CEO Steve Long.

While the affected files were backed up and could have been recovered, restoring them could have taken days, even weeks, which would have made recovery an expensive task, according to Long. Paying a ransom, from a business standpoint, made sense and the hospital paid up.

“These folks have an interesting business model. They make it just easy enough (to pay the ransom),” he said. “They price it right.”

After receiving the payment, the hackers released the files.
