Locky, the infamous ransomware that gained notoriety last month when it surprised administrators of Hollywood Presbyterian Medical Center in Los Angeles, has attacked another hospital this week: Kentucky’s Methodist Hospital in Henderson.
The hospital’s website displays a red banner stating that it is in an internal state of emergency due to a computer virus that limits its use of electronic services. The attack apparently came from a spam email attachment that an employee accidentally opened.
The attack started last Friday and lasted four days. Hospital officials reported that their services were up and running on Monday and that, unlike Hollywood Presbyterian, they did not pay the $17,000 ransom to get their files back.
Methodist Hospital officials – "The ransom was not paid. Our system is up and running." @14News
— Jessica Gavin (@JGavin14News) March 21, 2016
The attackers copied all the patients’ records, encrypting the copies while deleting the originals, behavior that is similar to Locky’s. The hospital worked with the FBI against the malware and, luckily, had a backup ready for use.
Jamie Reid, the hospital’s information systems director, said this week that the ransomware quickly spread from a single email to the entire network. Staff were forced to take all their computers offline and scan each one for the ransomware.
Even after the increase in breaches of hospital servers, Lawrence Abrams, a computer forensics expert and founder of BleepingComputer.com, doesn’t think hospitals are the only targets.
“I do not believe at this time that the ransomware developers and distributors in these stories are actually targeting hospitals. They are instead looking for vulnerable sites to hack in order to spread ransomware and hospitals that were infected did so by user error,” Abrams wrote Tuesday.