Delaware, USA – July 18, 2018 – Unknown attackers infected all the systems of Mahatma Gandhi Mission Hospital with ransomware. The incident occurred on Sunday, July 15, and became known when one of the MGM hospital employees switched on the computer. The system administrator received an email with ransom notes demanding bitcoins and a link for information on the amount of the ransom and further instructions. The hospital's management decided not to pay the cybercriminals and to restore data from backups, resulting in the loss of data for 15 days. It is still not known what malware was used in this attack or how it got into the hospital’s network, but the attackers managed to infect all the MGM hospital terminals. The system administrator assumes that one of the employees clicked on a malicious link in an email, and some recent ransomware modifications have worm-like capabilities. However, this attack resembles the activities of the SamSam group, which has already attacked hospitals in India this year.
The healthcare sector is a sweet spot for adversaries, as hospitals more often pay a ransom to recover sensitive data, and stolen data can be sold on Darknet forums. Organizations can monitor for such threats with a SIEM system and the Ransomware Hunter use case, which provides detection and automatic alerting capabilities at every stage of the Cyber Kill Chain.