Ransomware forced hospitals to cancel 2,800 operations and shut down systems

Graham CLULEY

December 06, 2016

Ransomware is a serious enough threat for most organisations, but just imagine if you’re in the business of keeping people healthy and saving lives.

At the end of October, three British hospitals suffered a “major incident”, as a malware attack infected the Northern Lincolnshire and Goole NHS Foundation Trust (NLAG), forcing the almost complete shutdown of IT systems and the cancellation of routine patient operations for several days.

As ZDNet reports, NLAG has now confirmed that the malware that infected their computer systems was a variant of the Globe ransomware, which uses the Blowfish cryptographic algorithm to encrypt victims’ files.

As if that weren’t bad enough, the Globe2 ransomware also deletes your PC’s Shadow Volume Copies. Shadow Volume Copies are backups of your files, made by default every day, that allow you to roll back in time and recover earlier versions should they be required.

Obviously, that’s a pretty useful safety net to have at your disposal should you be hit by data-encrypting ransomware. But, of course, online criminals are well aware that users are less likely to pay off the ransom if they are able to recover their data in this way.
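Shadow copy deletion can be watched for in process-creation logs. The sketch below is an added example, not part of the original article: it flags command lines that invoke built-in Windows tools to delete or shrink shadow copies. The log format, host names and events are constructed, and because the article does not say how Globe2 removes the copies, the tools matched here are an assumption.

```python
import re

# Built-in Windows tools commonly used to remove Volume Shadow Copies.
# The article does not say which method Globe2 uses; these rules are an
# assumption of this example, not an indicator list from the page.
RULES = [
    ("vssadmin_delete", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("vssadmin_resize", re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic_delete", re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\b.*\bdelete\b", re.I)),
    ("powershell_wmi_delete", re.compile(r"win32_shadowcopy\b.*\bdelete\b", re.I)),
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict."""
    timestamp, _, rest = line.partition(" ")
    event = {"time": timestamp}
    for key, quoted, bare in FIELD.findall(rest):
        event[key] = quoted if quoted else bare
    return event

def find_shadow_copy_deletions(lines):
    """Return one alert per event whose command line matches a rule."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        cmd = event.get("cmd", "")
        for name, pattern in RULES:
            if pattern.search(cmd):
                alerts.append({"time": event["time"], "host": event.get("host"),
                               "rule": name, "parent": event.get("parent")})
                break
    return alerts

# Constructed sample process-creation events (not taken from the incident).
SAMPLE_LOG = [
    '2016-01-01T09:00:01Z host=WS-01 parent=explorer.exe cmd="vssadmin list shadows"',
    '2016-01-01T09:03:12Z host=WS-02 parent=invoice.exe cmd="cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"',
    '2016-01-01T09:03:40Z host=WS-03 parent=update.exe cmd="WMIC  shadowcopy delete"',
    '2016-01-01T09:05:00Z host=SRV-01 parent=backup.exe cmd="vssadmin create shadow /for=C:"',
    '2016-01-01T09:06:30Z host=WS-04 parent=powershell.exe cmd="powershell Get-WmiObject Win32_ShadowCopy | ForEach-Object {$_.Delete()}"',
]

if __name__ == "__main__":
    for alert in find_shadow_copy_deletions(SAMPLE_LOG):
        print(alert)
```

Listing or creating shadow copies is routine administration and is left alone; only deletion and storage resizing raise an alert, and the parent process is kept so an analyst can see what launched the tool.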

Mystery currently surrounds precisely how the hospital trust was hit by ransomware. Speaking to Computing, NLAG NHS Trust’s Pam Clipson debunked theories touted in the media that the malware had entered the organisation via an infected USB stick:

“We can confirm that recent publicly reported information alleging that access was gained through a USB stick or due to remote working have no grounding in fact. We can assure our patients and other stakeholders that we acted swiftly to enhance our existing cyber security but in order to maintain security and support the police investigation, we are unable to share specific information at this time on the exact steps we have taken.”

No doubt the investigation is exploring whether the malware might have entered the organisation via a malicious email or perhaps via a drive-by download as a user visited a booby-trapped website. I would be surprised if it was eventually determined that the hospital trust was specifically targeted by online extortionists, but stranger things have happened.

Whatever the source of the infection, Clipson emphasised that the Trust’s security team responded quickly to the ransomware attack, cleaning and checking servers:

“The majority of our systems were up and running again within 48 hours. A total of just over 2,800 patient appointments were cancelled as a result of the disruption.”

NLAG says it has worked closely with law enforcement, and the police’s regional cyber crime unit are investigating the incident.

The good news is that most of the trust’s IT systems appear to have been brought back into operation relatively quickly, and although 2,800 patient operations were cancelled, there is no indication that any long-term harm has been done.

I’m also pleased to see that NLAG does not appear to have considered the option of giving in to the blackmailer and paying them a ransom for the safe recovery of data.

That’s certainly not been the story when other hospitals have been hit by ransomware in the past. For instance, earlier this year the Hollywood Presbyterian Medical Centre paid some $17,000 worth of Bitcoins to recover its encrypted data after an attack.

Whenever a ransom demand is shown to work for the bad guys – meaning whenever victims pay up – all that happens is that criminals are incentivised to launch more ransomware attacks. And that is bad news for all of us.
