HancockHospital  - HancockHospital - Hospital Pays $55K Ransomware Demand DESPITE Having Backups

An Indiana paid a ransom of $55,000 to get rid of ransomware that had infected its systems and was hindering operations last week.

The infection took root last week, on Thursday, January 11, when attackers breached the network of Hancock Health, a regional hospital in the city of Greenfield, Indiana.

Files renamed to “I’m sorry”

Attackers deployed the SamSam , which encrypted files and renamed them with the phrase “I’m sorry”, according to a local newspaper who broke the news last week.

Hospital operations were affected right away. IT staff intervened and took down the entire network, asking to shut down all computers to avoid the ransomware from spreading to other PCs.

By Friday, the next day, the hospital was littered with posters asking employees to shut down any computer until the incident was resolved.

While some news sites reported that the hospital shut down operations, medical and management staff continued their work, but with pen and paper instead of computers. Patients continued to receive care at the hospital’s premise.

Hospital had but decides to pay ransom

The hospital said that despite having backups it opted to pay the ransom demand of 4 Bitcoin, which was worth around $55,000 at the time the hospital paid the sum, on Saturday morning.

Hospital management told local press that restoring from backups was not a solution as it would have taken days and maybe even weeks to have all systems up and running. Hence, they decided paying the ransom was quicker.

By Monday, all systems were up and running, and the hospital released a short statement on its site admitting to the incident, but with very few other details.

SamSam ransomware spread via RDP attacks in the past

SamSam, the ransomware used in this incident, first appeared two years back and was used in targeted attacks only. The SamSam crew usually scans the Internet for computers with open RDP connections. Attackers break their way into large networks by brute-forcing these RDP endpoints and then spread to even more computers. Once they have a sufficiently strong presence on the network, attackers deploy SamSam and wait for the company to either pay the ransom demand or boot them off their network.

While the hospital has not confirmed the typical SamSam attack scenario, they did say the infection was not the case of an employee opening a malware-infected email.

The FBI has long asked companies and individuals affected by ransomware to any infections via the IC3 portal so the Bureau can get a better grasp of the threat and have the legal reasons to go after such groups.

RanSimFalPos.png  - RanSimFalPos - Hospital Pays $55K Ransomware Demand DESPITE Having Backups

Free Ransomware Simulator Tool

How vulnerable is your network against a ransomware attack?

Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 10 infection scenarios and show you if a workstation is vulnerable to infection.

Get Started  - 18793d55 e1a3 4b4d 882a 87ab7781f852 - Hospital Pays $55K Ransomware Demand DESPITE Having Backups



Image credits: Tom Russo / Greenfield Daily Reporter

This was cross-posted from BleepingComputer.

Source link
Based Blockchain Network


Please enter your comment!
Please enter your name here