Petronella Blog Archive

Methodist Hospital Attacked

Recently we ran an article about how both Palo Alto Networks and Proofpoint have linked Dridex to a new strain of ransomware known as Locky. Now Methodist Hospital in Henderson, Kentucky, has had to be put into an internal state of emergency because the malware took over its systems.

This particular malware isn’t that much different from other ransomware such as Cryptowall, but Dridex’s vast criminal network is causing it to spread rapidly. Locky lives up to its name by infecting a single computer and then searching out connected files and systems to spread to. It then locks the user out while also deleting backups. The only way to regain access is for the victim to pay a ransom in Bitcoin to the hackers.

In Methodist Hospital’s case, the attack began with a spam email about invoicing that carried an infected attachment. Once the attachment was opened, the infection spread from the initial computer to the hospital’s entire computer network, then compromised several other systems. The hackers were demanding four bitcoins, or around $1,600.

This isn’t the first hospital to be attacked in this way. A couple of weeks ago a California hospital paid $17,000 to regain access to its files. Methodist Hospital chose to shut down its entire computer system, then bring each machine back online once it was cleared of any sign of infection. In the meantime, staff switched to doing everything by hand and on paper, as they would in the case of a natural disaster. Fortunately, according to the hospital’s attorney, no patient information was compromised and the quality of patient care was not impacted.