Posted on: July 5th, 2016 by Wolf TG Admin

With the growing popularity of ransomware cyber attacks, we thought we’d spend the next few weeks covering the topic so you can better understand what ransomware attacks are, who’s behind them, how to protect against them, and what to do if you become a victim of such an attack. This is post 4 of 6.

Ransomware Attacks Organizations of all sizes must deal with the reality that their enterprise could be at risk for a ransomware attack. Police stations, hospitals, and even local governments have become victims of ransomware attacks. Many of these attacks have made international headlines causing the FBI to issue a special report.

Let’s dig deeper into some of the high profile ransomware attacks that you may not have heard about.

#1.) The City of Detroit Gets Hit With an $800,000 Ransom

In 2014, the City of Detroit found itself in an odd situation. One of its databases had become encrypted by ransomware. The hacker was demanding $800,000 in order to restore access to the encrypted database. Detroit declined to pay the ransom saying that the data encrypted was outdated and not useful.

After the ransomware incident, the City of Detroit mentions that it took procedures to harden the security around its resources.

#2.) Melrose Police Department Pays 1 Bitcoin Ransom

The Melrose Police Department was infected with a ransomware virus after a detective opened an infected email attachment. The small Massachusetts police department was left with no other option other than pay the $489 for a Bitcoin in order to retrieve case related data.

“It’s evil, but it’s pretty ingenious,” says Jorge Pazos, the Information Technology Director of the Melrose Police Department.

#3.) MedStar in Maryland Has 10 Hospitals Impacted by Ransomware

MedStar operates a network of hospitals in Maryland. In 2016, the regional healthcare provider confirmed that 10 hospitals in its network were dealing with a ransomware infection.

MedStar claims that it did not pay the ransom and that all systems have been restored to full health. MedStar says that early reports of a flaw in Its JBOSS server are incorrect. MedStar further declined to reveal the root cause of the ransomware outbreak.

#4.) Chinese Government Inadvertently Hosts Ransomware

The Chinese Government inadvertently hosted a website that infected its visitors using the Angler exploit kit. Once vulnerable PCs visited the government department website, the ransomware virus proceeded to encrypt the hard drive of the unsuspecting user.

This attack is notable because it is the first known instance of a ransomware infection being served from a “.gov” domain.

#5.) UK Parliament Confirms Ransomware Infection

The UK Inquirer reports that a UK Parliament member had their PC infected with the popular Cryptowall strain of ransomware. The Inquirer goes on to say that hackers demanded an unreasonable amount of money, and it was unclear whether or not the Parliament paid the ransom.

The Inquirer confirms that data on the infected PC contained confidential memos vital to government business.

#6.) Whanganui District Health Board Gets Hit with Locky

In New Zealand, the Whanganui District Health Board is one of the largest healthcare providers in the region. In 2016, the health district board confirmed that it had been infected with the Locky variant of ransomware.

Barry Morris, the ICT Manager at the health board, told the New Zealand Herald that his IT team had contained the Locky outbreak and swiftly provided access to the locked files using backups. The New Zealand based health board mentioned that it did not pay the ransom.

#7.) Hollywood Presbyterian Medical Center Pays $17,000

Arguably the most high profile ransomware attack of all time is the incident that happened at Hollywood Presbyterian Medical Center in Southern California. The LA Times reports that the hospital was forced to pay $17,000 in ransomware fees in order to regain control of their files.

When news of the hospital being infected with the ransomware virus broke, some news outlets were erroneously reporting that the ransom price was over $3 million dollars. Nevertheless, while the hospital was locked out of its files, it was forced to do everything on paper and operate as if a disaster recovery scenario were taking place.

#8.) Internal State of Emergency Declared at Kentucky Hospital

Methodist Hospital in Henderson, Kentucky recently displayed a red banner on their website alerting patrons that their IT crew was battling a ransomware infection. The Kentucky hospital was being asked to pay a $1,600 ransom. Leaders at the hospital said that they would only pay the fee if it was absolutely necessary.

Initial reports suggest that the Locky ransomware virus infected the hospital through a spam email message. Locky is a tricky infection because it uses Microsoft Office‘s macro feature in order execute its attack. New flavors of Locky will allegedly encrypt UNC paths on a target PC, making the new strains especially hard to contain.

If you have any worries about your network security, please call us at (833) 482-6435, or click the banner below to schedule an IT security audit so we can find the best security solutions for your business. Preparation for threats like this is a small cost compared to repairing the damage of an actual infection.

If you enjoyed this IT Support article, please check out other posts on our blog and join us on Facebook, Twitter, LinkedIn, and Google+ to see how else we can help your Greenville, SC or Atlanta, GA area business succeed!