A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.
The hacker who stole Hollywood Presbyterian asked for $3.6 million, but settled for a piddling $17,000 (40 bitcoin), presumably after they realized that their random infectious agent had kidnapped a giant, high-profile institution that would be able to motivate serious law-enforcement investigations that would move ever-closer to their true identity the longer the ransom negotiations continued.
Henderson, Kentucky's Methodist Hospital has declared an "Internal State of Emergency," having been shut down by a piece of ransomware called "Locky." The hospital's spokeslawyer, David Park, said that they're addressing the ransomware attack using plans designed to help the hospital weather a tornado or other natural disaster.
The attackers are only asking for $1,600 (4 bitcoin) to unlock the hospital's files.
Brian Krebs speculates that the attackers didn't set out to hold a hospital to ransom, and have no real appreciation of how much they could be asking for (though the Kentucky hospital seems to have been less compromised than the one in Hollywood). He warns that in future, ransomware creeps will start targeting their attacks, aiming for victims who have more to lose, and more to spend, when their data is taken from them.
The attackers are demanding a mere four bitcoins in exchange for a key to unlock the encrypted files; that's a little more than USD $1,600 at today's exchange rate.
Park said the administration hasn't ruled out paying the ransom.
"We haven't yet made decision on that, we're working through the process," with the FBI, he said. "I think it's our position that we're not going to pay it unless we absolutely have to."
[Brian Krebs/Krebs on Security]