Update (March 14th): Corrected any implication that Ottawa Hospital paid a ransom to criminals to recover files. We have been directly informed by the hospital that this was not the case and we sincerely apologize for indicating otherwise.
Ottawa Hospital has confirmed its computer network was hit with ransomware this week, as four of its 9,800 machines were affected. As reported by CBC News, the computers were struck by malicious code that encrypted files and data. “The malware locked down the files and the hospital responded by wiping the drives,” said Kate Eggins, a spokeswoman for the hospital.
According to ESET senior security researcher Stephen Cobb: "The phrasing of this statement suggests that the hospital had appropriate defensive measures in place to defeat ransomware, such as an efficient and well-tested backup and recovery process."
Ms. Eggins added: “We are confident we have appropriate safeguards in place to protect patient information and continue to look for ways to increase security. We would like to reiterate that no patient information was obtained through the attempt.”
The incident at Ottawa Hospital comes at a time when ransomware is on the rise, spread through malware sent via spam emails or planted on infected websites. This latest attack comes just a month after a similar incident at the Hollywood Presbyterian Medical Center, based in Los Angeles. In that case, the hospital is reported to have paid the criminals $17,000 to unlock the computers (original reports that the hospital paid millions of dollars were erroneous, probably based on a miscalculation of the value of Bitcoin, the cryptocurrency preferred by ransomware extortionists).
Meanwhile, a new ransomware dubbed KeRanger was found to be infecting Apple OS X machines last week, spread via the BitTorrent app Transmission.
According to ESET’s latest trends report, (In)Security Everywhere, ransomware attacks are only likely to increase in 2016. These types of malicious software attacks have grown in popularity because they offer cybercriminals the opportunity to generate significant revenue. At the same time, the growing number of internet-connected devices means a greater variety of devices are open to attack.
Cobb notes that current best practices to defeat ransomware include always using a reputable anti-malware product on all endpoints and servers, and making sure it is always on and updated. Adds Cobb, "In addition, having an appropriate backup and recovery program in place means that even if ransomware gets to a system you can recover the data and avoid paying the ransom."
