An internal state of emergency has been declared in Kentucky’s Methodist Hospital, following a ransomware attack. Files have been stolen, encrypted, and held for ransom, unless the hospital pays up.
The malware in question, according to KrebsonSecurity, is of the “Locky” ransomware strain, which encrypts important files and documents, deletes the originals, and offers the return the encrypted files for a price. In this case, the attackers are demanding four bitcoins for the return of the files. Although just saying “four bitcoins” sounds like much less than it is, as the value comes to around $1,600.
If the hospital has a backup that was not on a network the compromised computer can access, restoring the files from a backup is possible. But judging by the current state of emergency, it seems that is not the case.
The hospital’s emergency response system is working on narrowing down the potentially infected computers. It’s been described as essentially shutting down the system, and re-opening each computer on an individual basis once they’re certain it’s not the infected one; a time-draining process, albeit effective.
During the downtime, the hospital’s staff reverted to a pen and paper system, but insist that it hasn’t impacted patient care. The hospital also assures patients that their data was not impacted.
No decisions have been made yet as to whether the hospital will pay the ransom or find another way to restore the data, but they are working with the FBI to explore their options and recover the stolen data.