UPDATED 00:34 EDT / MARCH 31 2016

NEWS

FBI asks security experts for help in tackling MSIL/Samas malware targeted at hospitals

The Federal Bureau of Investigation (FBI) is asking businesses and software security experts for emergency assistance in its investigation into a new strain of ransomware called MSIL/Samas.

A confidential advisory, released Friday to security companies (obtained via Reuters), describes MSIL/Samas as being a far more nefarious form of ransomware in that it tries to encrypt data across entire networks rather than single computers.

Like ransomware before it, once it is on a system it asks for a Bitcoin payment to release the encrypted data.

The request asked recipients to contact the FBI’s CYWATCH cyber center if they discover any evidence that they have been attacked or have other information that might help in its investigation.

According to further details in the alert, the Bureau has discovered so far that the group behind MSIL/Samas uses the publicly available security program JexBoss to scan for vulnerable versions of the JBoss software. Once vulnerable versions are discovered, the malware launches an attack that seeks to scramble data on servers. It also finds and deletes the backup files that targeted companies could use to restore data scrambled by ransomware, by overwriting a key Windows system file called the Master Boot Record.

Hospitals targeted

It would appear from reports that the MSIL/Samas malware was the one used in recent attacks on healthcare facilities, including the attack on the Hollywood Presbyterian Medical Center in February and more recently on Kentucky’s Methodist Hospital.

In the case of the Hollywood attack, an internal emergency was declared and emergency room systems were sporadically impacted. Although no one is believed to have died due to the attack, some patients were transported to other hospitals because vital systems needed for patient care, including CT scans, documentation, lab work and pharmacy needs, were inaccessible.

In the end, Hollywood Presbyterian paid the Bitcoin ransom to end the malware attack, further encouraging those behind it to go after more hospitals.

Some experts, though, point the finger at a flaw in hospital systems themselves, with Axcient, Inc. Chief Executive Officer Justin Moore telling SiliconANGLE via email that:

“Hackers have a giant bullseye on the healthcare sector right now, because they know that many organizations still rely on simplistic, dated approaches to cybersecurity. The fact is, many organizations have already been breached, and the only way to both prevent and withstand attacks is by taking a multilayered approach. IT resiliency today involves implementing protections for the organization, protecting related communities and supply chains from attack, and then stopping existing attacks before they become breaches. Until CIOs hit all three objectives, they’ll remain easy pickings for hackers.”

The old adage that you should always practice safe internet holds true here, and there’s no surprise that hospitals with older systems and security flaws are being targeted by the people behind this malware.

If you have any information about this form of malware that may be of assistance you can contact the FBI’s Cyber Division via their website here.

Image credit: mdgovpics/Flickr/CC by 2.0
