Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kentucky Hospital Calls State of Emergency In Hack Attack (cnbc.com)

Posted by BeauHD on from the give-me-your-money dept.

An anonymous reader quotes a report from CNBC: A Kentucky hospital is operating in an internal state of emergency following an attack by cybercriminals on its computer network, Krebs on Security reported. Methodist Hospital, based in Henderson, Kentucky, is the victim of a ransomware attack in which hackers infiltrated its computer network, encrypted files and are now holding the data hostage, Krebs reported Tuesday. The criminals reportedly used new strain of malware known as Locky to encrypt important files. The malware spread from the initial infected machine to the entire internal network and several other systems, the hospital's information systems director, Jamie Reid, told Krebs. The hospital is reportedly considering paying hackers the ransom money of four bitcoins, about $1,600 at the current exchange rate, for the key to unlock the files.

3 of 265 comments (clear)

  1. Re:Document2 by HumanWiki · · Score: 5, Insightful

    Good luck with that... As an infra-engr guy for over a decade now, I can't tell you how many times I've been told to go pound sand by the people in charge of the company when I suggest things like that that cost money upfront to stop things that may cost money later. Pretty much anyone asking for actual backup systems or real DR hits similar walls. Not saying it's right or that I agree with it.. But, it's not as simple as saying it's time they learn. They don't. They never do.

  2. Re:When did AV became so useless ? by SumDog · · Score: 5, Interesting

    Since the past decade. Enumerating viruses is useless. There are too many. Machine learning can be fooled and has high false positive rates. A French researcher at Kiwicon in 2014 showed that the parsers most AVs use run as the System user. He was able to use broken JPEGs and PDFs against the parser and get code execution as the System users (read: you don't even have to open the file. The virus scanner ran the executable code!)

    Active virus scanners are totally worthless today and actually increase the attack vectors to machines. Passive virus scanners are about equally as useless.

  3. Re: Document2 by Hotawa+Hawk-eye · · Score: 5, Insightful

    Would it cost more than a lawsuit filed against the hospital by the next of kin of a patient that died because the equipment needed to keep them alive was disabled by an attack like this?