3rd Significant Ransomware Hack on Hospital

Locky Crypto Virus HospitalIn a story reported by Brian Krebs we have yet another mainstream ransomware virus outbreak affecting a large medical facility.

It just goes to show how vulnerable both large and small organizations can be if they are unprepared for such an emergency.  So far it sounds like only 1 of the 3 victims was fully prepared to deal with the outbreak (Ottawa), which means they probably has a good Backup and Disaster Recovery Plan (DR).

In the past few months there have been three notable outbreaks in hospitals:

  • California Hospital ($17,000 Ransom)
  • Ottawa Canada Hospital (Restored from Backup)
  • Kentucky Hospital ($1,600 Ransom)


What is the Locky Ransomware Virus?

The Kentucky Methodist Hospital declared an “internal state of emergency” in order to deal with the infection caused by the “Locky Crypto-Ransomware Virus” (Symantec: Trojan.Cryptolocker.AF).

Locky “has been spreading quickly since it first appeared on Tuesday (February 16).  The attackers behind Locky have pushed the malware aggressively, using massive spam campaigns and compromised websites.

One of the main routes of infection has been through spam email campaigns, many of which are disguised as invoices.  Word documents containing a malicious macro are attached to these emails.”

“If this macro is allowed to run, it will install Locky onto the victim’s computer”

How can I protect my Small Business from Ransomware?

  1. Install, Configure and Maintain a quality Antivirus and Monitoring System
  2. Employ an Anti-spam / Content Filter on your E-Mail Servers
  3. Properly Maintain and Patch Windows and Software Programs
  4. Limit End-user Access to Mapped Drives
  5. Deploy and Maintain a Quality Backup System
  6. Restrict users from running macro’s in applications by default
  7. User Education – What to look for and avoid
  8. Sign-up for our newsletter to keep learning!


 Check out the full article: 7 Tips to Save your ass from Ransomware Viruses!

  • Symantec: http://www.symantec.com/connect/blogs/locky-ransomware-aggressive-hunt-victims
  • Brian Krebs: http://krebsonsecurity.com/2016/03/hospital-declares-internet-state-of-emergency-after-ransomware-infection/