Crypto ransomware has recently hit at least three hospitals in the German state of North Rhine-Westphalia.
The first is Lukas Hospital in Neuss, the second is Klinikum Arnsberg, an academic teaching hospital that’s part of the Westphalian Wilhelms-University in Münster, and the third has not yet been named.
It’s still not clear whether these hospitals were hit by one and the same ransomware. However, they didn’t get any targeted ransom demand apart from the usual one shown by the malware. For that reason, the authorities believe that the hospitals were not targeted at all.
In Klinikum Arnsberg’s case, the ransomware (or the downloader which later dropped the ransomware) was received as an email attachment. As soon as the email was opened, the malware got on the network.
Richard Bornkeßel, the clinic’s spokesman, said that the ransomware infected only one of the 200 servers, which was immediately shut down, as was the entire system. The good news for the hospital was that they had a backup of the files on each server. So, the ransomware attack didn’t affect the day-to-day activities in the hospital, as all the important medical devices can work without network access.
Unfortunately, Lukas Hospital was not so lucky. They pulled the plug on the entire network and all systems – computers and servers – almost immediately after noticing error messages popping up all over the place. The messages were shown because the various medical systems were trying to access system data and files, which was impossible because they had been encrypted.
“We haven’t received a concrete demand for money, but we’ve seen these pop-up windows that appear if you don’t stop the ransomware on a computer,” the hospital’s spokesman Dr. Andreas Kremer stated, and noted that the authorities advised them not to contact the people behind the ransomware via the offered anonymous email address.
The IT security staff of the hospital has been cleaning the affected servers and devices, and restoring data from backups, which the hospital laudably performs regularly. The information which has been lost will be entered manually again, as well as the notes that the staff has been forced to take on paper while the network was down.
Around the same time, a similar incident happened at the Hollywood Presbyterian Medical Center, and the hospital staff had to use pen and paper and fax machines to write down and share patient information between the various departments.
The ransomware attack affected patients who were scheduled for high-risk surgeries, as they were rescheduled for later dates, and the hospital’s spokesman said it would take a few months for everything to go back to normal. Currently, the clinic’s email server is still offline, and the patients are advised to contact the hospital via phone or fax.
Meanwhile, there are rumors that a New Zealand hospital has been hit with Locky – a new crypto ransomware family which can also find and encrypt files on unmapped network drives.