A hospital in Kentucky declared an "internal state of emergency" after a number of files on its computer systems were infected by encryption. The perpetrators behind the ransomware attack are holding data hostage and will only give them back once the hospital pays up.
The attackers are reportedly demanding just four bitcoins in order for them to hand over a key that would unlock the encrypted files. Based on the exchange rate, the ransom amount is equivalent to around $1,600.
In staging the attack, the perpetrators are said to have used Locky, a new strain of malware in encrypting valuable files. After initially infecting a machine, the perpetrators reportedly continued infecting the hospital's internal network, along with several other systems.
The Locky malware works by encrypting all of the victim's important files, documents and images and then deleting the original files in the end. Victims who need to regain access to their affected files will only have two ways to do so: either they restore the files from a backup or they pay the ransom.
Choosing the first option can be successful as long as the backup is not found on a network that can be freely accessed from a compromised PC.
Jamie Reid, information systems director of Methodist Hospital, said that the hospital decided to shut down all of its desktop computers in order to thwart the attack from compromising several other systems. One by one, the hospital brought the affected systems back after it had scanned each one for signs of attack.
"As everyone's talking about the computer problem at the hospital maybe we ought to just treat this like a tornado hit," said David Park, an attorney for the Kentucky healthcare center, in a statement released to Krebs On Security.
Park added that the hospital administration hasn't ruled out the option of resolving the issue by paying the demanded amount for ransom. He said that while the hospital is still working through the process, paying the ransom will be the last resort - it won't pay "unless we absolutely have to."
The attack is currently being investigated by the FBI, which declined to make a comment on the incident. In a January report, the FBI said that while ransomware has been in existence for several years, there has been a noticeable increase in the number of attacks lately by cyber criminals who prey on businesses and institutions.
Just recently, an LA hospital faced a similar ransomware attack, which held its computer system hostage for a whopping ransom of 9,000 Bitcoin, amounting to roughly $3.6 million.
