A UK hospital group was forced to cancel patient appointments after it was hit with a new variant of Bitpaymer ransomware asking for a $218,000 payout.
A UK hospital group that fell victim to May's WannaCry attacks has been hit by ransomware yet again, ZDNet's Danny Palmer reported. The hospital NHS Lanarkshire was forced to cancel several patient appointments after the latest attack, which was detected in its IT systems on Friday.
The malware used has been identified as a new variant of Bitpaymer ransomware, which not only encrypts files and holds them for ransom, but also claims to have gathered "private sensitive data" from its victims, and threatens to share it if payment is not received, according to ZDNet. In this case, the criminals are asking the hospital to pay 50 Bitcoins, or about $218,000—"an unusually high fee," Palmer wrote.
NHS Lanarkshire treats more than 654,000 people living in the North and South Lanarkshire local authority areas—making it the third-largest health board in Scotland. Its primary care facilities include day hospitals and health centers, and it employs some 12,000 staff.
Once the malware was detected on Friday, medical director for the acute division Dr. Jane Burns asked patients not to come to the hospitals "unless it is essential," according to a Facebook post. "If you do turn up at A&E and do not require emergency care you may be sent away from the department or you may experience a lengthy wait," Burns wrote. "Emergency care will still be provided for those who do require to be seen."
On Saturday, hospital chief executive Calum Campbell wrote in a Facebook post that the hospital had identified the source of the malware, and was investigating how it was able to infiltrate the network. Ultimately, the attack impacted only a few systems, Campbell wrote, and staff were able to minimize the impact on patients and keep most services running.
"Unfortunately a small number of procedures and appointments have been cancelled as a result of the incident," Campbell wrote. "I would like to apologise to anyone who has been affected by this disruption, however I can assure you that work is already underway to reappoint patients."
It's likely that the malware was delivered via a phishing email, as that is how most forms of ransomware infiltrate systems, Palmer noted. Though NHS Lanarkshire said that its software and systems were up to date, this was a new strain of Bitpaymer, so the hospital's security provider has since issued an update to protect against it, according to a statement.
Hospitals and other healthcare organizations are among the most likely to be attacked with ransomware. To protect against these risks in any enterprise, you should do the following, according to ZDNet:
- Monitor the internet for dumped user credentials and new attacks.
- Train employees to report malicious emails.
- Build controls that assume compromised credentials.
- Monitor externally accessible servers, such as a mail server of VPN, for unusual activity.
For more tips on how to avoid and mitigate ransomware attacks, click here.
The 3 big takeaways for TechRepublic readers
1. On Friday, the UK hospital group NHS Lanarkshire was forced to cancel several patient appointments after being hit with ransomware.
2. The ransomware was identified as a new variant of Bitpaymer, which not only requests money, but also threatens to expose sensitive data if payment is not received.
3. Only a small number of the hospital's systems were impacted by the attack.
- Want to improve cybersecurity? Try phishing your own employees (TechRepublic)
- New Trojan malware campaign sends users to fake banking site that looks just like the real thing (ZDNet)
- How to make your employees care about cybersecurity: 10 tips (TechRepublic)
- Information Security Certification Training Bundle (TechRepublic Academy)
- Security awareness and training policy (Tech Pro Research)