You may have heard of the recent SamSam ransomware attack on Allscripts, a juggernaut in electronic health record (EHR) services, but SamSam has also attacked other healthcare-related organizations. SamSam has attacked Erie County Medical Center (Buffalo, NY), Adams Memorial Hospital (Decatur, Indiana), and Hancock Regional Hospital (Greenfield, Indiana). SamSam has also infected the computer network of the City of Farmington, New Mexico.
SamSam does not infiltrate via a phishing e-mail. SamSam penetrates your server either by brute force attack or by breaking weak passwords. Once in, files are rendered inaccessible with RSA-2048 bit encryption.
The SamSam operators are perfecting their ransom demands. SamSam hackers charge different prices depending on the degree of infection, and they increase the price if the victim delays.
In May 2017, Erie County Medical Center received a demand for $44,000 in Bitcoin. The hospital did not pay and needed a full month to fully restore operations.
In January 2018, Hancock Regional Hospital received a $55,000 demand, and after weighing the costs of paying the ransom with the costs associated with downtime and recovery, they paid the ransom. The attackers provided the decryption keys and Hancock’s systems were restored. (The FBI recommends never paying a ransom.)
Ransomware remains a top risk for organizations of all sizes during 2018. Eagle Consulting Partners encourages you to review its post, Preventing and Mitigating Ransomware Attacks, for our best-practice recommendations to protect your organization.