The incident took place in the city of Greenfield, Indiana, on Thursday, January 11, when ransomware attacked the network of Hancock Regional Health. The hospital had to pay a ransom of $55,000 to get its systems restored and be rid of the ransomware. Despite having backups, the hospital chose to pay the ransom because operations were hindered and employees had been asked to shut down their systems to stop the ransomware from spreading further.
The SamSam ransomware breaches the network via RDP
SamSam ransomware, which was first discovered in 2015, was deployed in the network of Hancock Regional Health. The ransomware is used in targeted attacks in which the attackers scan the Internet to find computers with open RDP connections. They breach the network by attacking these RDP endpoints and then spread to more computer systems. After spreading across large networks, the attackers deploy the SamSam ransomware and encrypt the files. The authors of the ransomware then demand a ransom to restore the files on the network, and claim they will delete the files if it is not paid within the deadline provided.
Although the exact source of the SamSam attack on the hospital's systems has not been confirmed yet, they said that the outbreak was not caused by a suspicious or infected email.
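For defenders, the entry point described above (RDP reachable from the Internet) leaves a trace in the Windows Security log. The following is an added example, not part of the original article: it flags successful RDP logons (event 4624, logon type 10) that arrive from outside the internal address space. The internal ranges, field names and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: internal address space is RFC 1918 plus loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample records (hypothetical hosts and users), shaped like fields
# exported from the Security log: 4624 = successful logon, 4625 = failed logon.
SAMPLE_EVENTS = [
    {"event_id": 4625, "logon_type": 3,  "src_ip": "203.0.113.7",  "host": "RDP-GW1", "user": "admin"},
    {"event_id": 4625, "logon_type": 3,  "src_ip": "203.0.113.7",  "host": "RDP-GW1", "user": "svc_backup"},
    {"event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7",  "host": "RDP-GW1", "user": "svc_backup"},
    {"event_id": 4624, "logon_type": 10, "src_ip": "203.0.113.7",  "host": "RDP-GW1", "user": "svc_backup"},
    {"event_id": 4624, "logon_type": 10, "src_ip": "10.0.4.20",    "host": "FILE01",  "user": "jdoe"},
    {"event_id": 4624, "logon_type": 3,  "src_ip": "198.51.100.9", "host": "WEB01",   "user": "iis"},
    {"event_id": 4624, "logon_type": 2,  "src_ip": "-",            "host": "FILE01",  "user": "jdoe"},
]

def is_external(ip):
    """True when the address lies outside every configured internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def external_rdp_logons(events):
    """Return one finding per successful RDP logon from an external address.

    Events are assumed to be in chronological order. Failed logons seen
    earlier from the same address are counted as context; with Network Level
    Authentication they are recorded as logon type 3 rather than 10.
    """
    failures, findings = Counter(), []
    for ev in events:
        ip = ev.get("src_ip")
        try:
            if not ip or not is_external(ip):
                continue
        except ValueError:          # "-" or other non-address values
            continue
        if ev["event_id"] == 4625 and ev["logon_type"] in (3, 10):
            failures[ip] += 1
        elif ev["event_id"] == 4624 and ev["logon_type"] == 10:
            findings.append({"host": ev["host"], "user": ev["user"],
                             "src_ip": ip, "prior_failures": failures[ip]})
    return findings

if __name__ == "__main__":
    for finding in external_rdp_logons(SAMPLE_EVENTS):
        print(finding)
```

Any finding means an RDP endpoint accepted an interactive session directly from the Internet, which is the exposure the attackers scan for.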
The Encrypted Files Were Renamed with the “I’m sorry” Phrase
According to the news published in a local newspaper, the SamSam ransomware encrypted the files on the targeted systems and renamed them with the phrase “I’m sorry”. As soon as the IT department detected the ransomware breach, the news was circulated through the entire hospital and employees were asked to shut down their computer systems to stop the threat from spreading further. As a result, operations at the hospital were hindered.
However, the medical and management staff continued their work, and operations were carried out manually on paper instead of on computer systems. The good news is that the hospital continued to treat patients with all its facilities.
Hospital Decided to Pay the Ransom Despite Having Backups
The hospital management confirmed to the local press the news of paying the ransom on Saturday, as demanded by the attackers: 4 Bitcoins, worth around $55,000. They opted to pay the ransom even though they had backups, because they did not consider restoring from them an effective solution. The restoration procedure could take several days or even weeks to bring the infected network fully back into working order, so paying the ransom was the quick way to deal with the situation. The network systems were up and running by Monday.
In conclusion, ransomware attacks continue to hinder huge companies and millions of individuals, who are left with no choice but to pay the ransom. But this only encourages such groups to carry out more illegal schemes to extort large sums of money. The FBI has asked victims to report such larger attacks via the IC3 portal so that the Bureau can take strong action against such people and handle these matters legally.
If you have also been a victim of ransomware, you should avoid paying; instead, always keep a backup of your important files using one of the various online backup solutions available.
SOS Online Backup is a leading online backup solution that runs quietly and automatically in the background. Both Personal and Family Cloud SOS accounts support an unlimited number of mobile devices. SOS is quick and easy. The product will automatically find important files, then simply set the start-time for a daily backup. SOS Online Backup supports any size and any file type. All SOS apps (desktop AND mobile) encrypt files using UltraSafe 256-bit AES before transferring them to the cloud.