Another hospital was attacked again with a crypto-locking malware called “Locky.” Henderson Kentucky Methodist Hospital had announced an “Internal State of Emergency” after the system was infected by the malicious computer program. Just after the recent Ottawa hospital attack and the Hollywood Presbyterian Medical Center extortion, which allowed hackers to gain $17,000 USD in Bitcoin, it is becoming apparent that cyber criminals are increasingly targeting medical facilities.
Hospitals Become Ransomware Targets
When ransomware had first entered the public’s eye attackers hit individuals and financial institutions with malware. Hackers have now aimed at a new kind of target over the past couple months by attacking hospital computer networks. The latest attack took place on a hospital in Kentucky asking for only four bitcoins forcing the organization to run their “Tornado” backup system used in storm emergencies.
The hospital’s attorney, David Park, said the attackers used a ransomware called “Locky” and administration has been working with the FBI concerning this case. Park stated that they were not sure if the Kentucky facility will be paying the extortion request, which is only $1,600 USD at current exchange rates. Park stated:
We haven’t yet made a decision on that, we’re working through the process. I think it’s our position that we’re not going to pay it unless we absolutely have to.
Ransomware has been a headache for officials lately as cyber attacks are on the rise. While these extortions are increasing, consulting firms wonder if private businesses are doing enough to keep up security. With facilities like the Hollywood Presbyterian Medical Center giving into this type of ransom, and FBI officials telling companies to pay, it’s no wonder hackers find these attacks to be lucrative.
Possible Solution Found?
Fortunately, the hospital may not have to comply with the request and could possibly rid themselves of the “Locky” ransomware. Recently it has been reported by journalist David Bisson that security experts have found a backdoor for “Locky.” It seems the malware creator had “fumbled” with the code and had left unlocking keys hidden within the protocol. Bisson explains the malicious software had infected 700 people in one day but despite this, the creator’s mistake has enabled victims to gain access to their computers again.
It is possible officials from the Kentucky Methodist Hospital may find the backdoor within the malware and might not have to pay the extortion request. Yet this doesn’t erase the fact that hospital computer systems are increasingly being held for ransom. These systems with patient information are critical to everyday operations. Brian Krebs of Krebsonsecurity.com said of the attack that even though the Kentucky hospital was less compromised than Hollywood, hackers are targeting medical facilities because they have more to lose.
What do you think about the latest attacks on medical centers? Let us know in the comments below.
Images courtesy of Kentucky Methodist Hospital, Pixbay, Shutterstock