Slashdot Mirror


Kentucky Hospital Calls State of Emergency In Hack Attack (cnbc.com)

An anonymous reader quotes a report from CNBC: A Kentucky hospital is operating in an internal state of emergency following an attack by cybercriminals on its computer network, Krebs on Security reported. Methodist Hospital, based in Henderson, Kentucky, is the victim of a ransomware attack in which hackers infiltrated its computer network, encrypted files and are now holding the data hostage, Krebs reported Tuesday. The criminals reportedly used a new strain of malware known as Locky to encrypt important files. The malware spread from the initial infected machine to the entire internal network and several other systems, the hospital's information systems director, Jamie Reid, told Krebs. The hospital is reportedly considering paying hackers the ransom money of four bitcoins, about $1,600 at the current exchange rate, for the key to unlock the files.

7 of 265 comments

  1. Re:only 4 bitcoin? by bill_mcgonigle · Score: 4, Interesting

    Why such a low ransom for such a high risk?
    I bet the hospital has more $ in its petty cash drawer...

    And who benefits from all this drama? They could have been back up and running before they went to the press. How does the hospital not suffer from this PR (like that they have no network isolation, perimeter security, or backups)? Something else is going on.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  2. the answer by Anonymous Coward · Score: 0, Interesting

    The people who sent the ransomware, and their families should be rounded up and tortured, and killed. I'm actually quite serious. It will send a message to those who think that they can get away with this crap.

  3. Pay them off, get the key, decrypt, and THEN... by Anonymous Coward · Score: 2, Interesting

    Tell everyone far and wide that the scammers took your money and REFUSED to give the encryption key, and that you had to restore everything from old backups.

    Ruin the assholes' business model, since no one is going to pay if they are known to take the ransom and skip out.

  4. Re:When did AV became so useless ? by SumDog · Score: 5, Interesting

    Since the past decade. Enumerating viruses is useless. There are too many. Machine learning can be fooled and has high false positive rates. A French researcher at Kiwicon in 2014 showed that the parsers most AVs use run as the System user. He was able to use broken JPEGs and PDFs against the parser and get code execution as the System user (read: you don't even have to open the file. The virus scanner ran the executable code!)

    Active virus scanners are totally worthless today and actually increase the attack vectors to machines. Passive virus scanners are about equally as useless.

  5. Re:Keep on your toes. Ransomware on huge upswing by Anonymous Coward · Score: 3, Interesting

    I've banned zip file attachment just to cut down on the load.

    What admin's job wouldn't be complete if they weren't inventing new ways to stop their company from getting things done instead of properly administering their network? There are a lot of ways that you could secure your email without the ham-fisted (and ineffective) file blocking. Instead, your users are going to be renaming their files things like application.pdf with instructions to rename it to zip, so all you've achieved is making another hurdle for employees to jump before they can do their job. Now they see IT as something to work around rather than a tool.

    And IT people wonder why they're the first out the door when the budget gets lean.

  6. Re: Document2 by Anonymous Coward · Score: 2, Interesting

    Seriously, the only reason people pay these ransoms is that, so far at least, everyone has actually gotten their data back.

    I propose a new ransomware business plan

    1. Build some ransomware that doesn't actually encrypt files, just overwrites them with pseudorandom garbage
    2. Collect bitcoin from people who think you are actually going to decrypt their files.
    3. Repeat until the reputation of ransomware authors is completely destroyed and nobody pays anymore because they figure they aren't getting their data back anyway.
    4. ???
    5. Profit.

  7. Re: Document2 by Thor+Ablestar · Score: 3, Interesting

    Let's calculate. Once upon a time I was a sysadmin in some Russian hospital. About 100 quite old computers with about 100 GB each. The critical data are about half of them. So you need about 10 TB to hold a reserve copy of everything - about US$500 of HDD. Maybe less. Then, you take any computer that has enough HDD ports - about US$150 since you don't need a new shiny computer, it would just work. Install there some software that would copy the modified files - it's free.

    But it's not the solution. The correct solution is the order of Chief Doctor that everybody who does not cooperate with Sysadmin would pay the ransom from their own pocket.