Ransomware developers are not done attacking hospitals just yet
This year, the evil-minded creators of the file-locking ransomware viruses[1] seem to be especially fixated upon targeting the most sensitive parts of social services and infrastructure. And it is quite obvious why. Larger businesses, companies, and organizations have a large client base which allows the hackers to manipulate them more easily by threatening their trustworthiness and reputation within the society. No self-respecting company wants to let its clients know that their personal information has been put at risk because of the staff’s negligent attitude towards their privacy and data security. In fact, keeping the public face is so important that often, these companies decide to pay the extortionists just so that the whole thing would remain under the seal of secrecy. Nevertheless, some of the ransomware victims speak out to let others know what dangers lie in store. Northern Lincolnshire and Goole NHS Foundation Trust hospital[2] is one of them.
This British hospital has been put on the spot in October when its employees were suddenly no longer able to access the institution’s internal network or the documents stored on the work computers. Because of this, the hospital’s IT systems froze and over 2,800 medical appointments had to be rescheduled until the network is fixed. Closer analysis of the infected computers has revealed the source of this havoc: the healthcare institution was hit by what seems to be a .GSupport3 file extension virus (a variant of the Globe ransomware virus). This parasite has also deleted all the Volume Shadow Copies[3] of the encrypted files leaving the hospital staff no option for the data recovery in case no additional backups were created pre-attack. Allegedly, the infection was a result of a corrupt USB stick being plugged in into one of the employee’s computers. Nevertheless, the NHS’s Director of Strategy and Planning Pam Clipson denied[4] these claims and assured that a team of specialists has been appointed to find out the real cause of this infringement.
Luckily, the hospital was up and running once again a couple of days later, while the extortionists had to deal with the bitter sense of disappointment not having realized their malicious plan. Sadly, such cases are rare. Hollywood Presbyterian Medical Centre[5], for instance, has dealt with a similar attack just earlier this year, but gave in to the hackers’ blackmailing tricks and paid around 17,000 USD for the encrypted files. Such events only accentuate the importance of cyber security and should urge company executives to educate their staff about it.
Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
- ^ RANSOMWARE: Q. Nomoreransom.org anti-ransomware project.
- ^ Graham Cluley. Ransomware forced hospitals to cancel 2,800 operations and shut down systems. HOTforSecurity IT news.
- ^ How Volume Shadow Copy Service Works. Microsoft Technet support page.
- ^ Graeme Burton. Globe2 ransomware blamed for Lincolnshire NHS trust cyber attack. Computing news.
- ^ New Locky virus campaign targets healthcare organizations. Virusactivity.com: keeping you updated on virus activity .
