2018: A $55 thousand ransom paid to cyber extortionists
At the beginning of January 2018, the Hancock Health clinic in the American city of Greenfield, Indiana, was hit by an attack using the SamSam ransomware, which paralyzed the work of the medical institution at the height of a flu epidemic in the state. To recover the data more quickly, the hospital's management paid the extortionists a ransom of 4 bitcoins, which at the time of payment amounted to about $55 thousand.
The ransomware got into the Hancock Health computer network on January 11, 2018 and locked the clinic's file system, demanding a ransom for decryption, Bleeping Computer reports. All files located on the hospital's networks were encrypted and renamed to the phrase "I'm Sorry". The hospital's IT staff responded to the incident at once and ordered all of the institution's computers to be switched off to prevent the infection from spreading further across the network. As a result, the personnel were forced to enter data in patients' medical records the old way, using paper and ballpoint pens.[1]
As the head of the clinic, Steve Long, told The Register, the incident coincided with a deterioration in the weather (blizzards were raging in the region) and with the peak of the flu season, so it was extremely important to recover the data as soon as possible. The Hancock Health management reported the incident to the FBI's cybercrime division and turned to third-party IT specialists to deal with the consequences of the attack, but this could not be done quickly, even though the hospital had a backup system.
As a result, when it became clear that restoring the data from backup copies would take days or even weeks, it was decided to transfer the demanded amount to the hackers, which was done on January 12, 2018.
The attackers kept their promise and, after receiving the money, sent the hospital the keys for decrypting the files. As of Monday, January 15, all of the hospital's computer systems had been restored, and the clinic returned to normal operation.[2]
How the attackers got into the hospital's network remains unknown. Earlier, SamSam distributors used attacks through the RDP protocol, but in such cases the criminals knew precisely who was being compromised and why. It is possible that this time, too, the attack was narrowly targeted: in 2016 experts said that hospitals are "an ideal target" for ransomware extortionists.[3] There are several reasons for this: first, the huge responsibility (and, as a result, an increased readiness to give in to the criminals' demands, if only to resume normal functioning); second, hospital personnel often simply do not know how to behave during cyber attacks. Finally, hospitals have a huge number of specialized devices connected to the network that are often defenseless against attacks, even though human lives quite often depend on them.
"The hospital's decision can be understood only as unqualified risk hedging. When all backup copies are available, it is necessary to recover the data and close the vulnerabilities that led to the loss of confidentiality and availability," considers Georgy Lagoda, the CEO of SEC Consult Services. "Every time cyber extortionists receive money, they are convinced once again that they are engaged in a very profitable and safe business. Besides, in many cases the effects of the ransomware's 'work' are irreversible, i.e. it is impossible to recover the data regardless of whether the ransom is paid or not."