Tech

Cybercriminals hold German hospitals to ransom

Ransomware is once again the key weapon in targeting core health services.

Written by Charlie Osborne, Contributing Writer Feb. 29, 2016 at 4:09 a.m. PT

A number of hospitals in Germany have fallen prey to ransomware, disrupting core healthcare services and internal systems.

According to German publication Deutsche Welle, several German hospitals, including the Lukas Hospital in Neuss and the Klinikum Arnsberg hospital in North Rhine-Westphalia have become victims of ransomware.

Ransomware is a virulent and particularly nasty breed of malware which is not content with surveillance or data theft. Once a machine is infected -- usually through downloading and opening malicious files -- the malicious code locks down systems and encrypts files.

A holding screen then pops up, demanding a ransom in virtual currency in exchange for a key which will decrypt files and return access to a user.

The news comes after the US-based Southern California hospital paid a fee of $17,000 in Bitcoin to regain access to system files locked by ransomware. The computer network, shut down since the attack began, was then unlocked using the decryption key and normal services were able to resume.

Security

The Lukas Hospital has been forced to pull the plug on everything and go back to phone calls, fax and pen-and-paper records for the past few weeks, where IT systems are still offline.

High-risk surgeries have been pushed back until systems are back in order and handwritten notes have been filed. Luckily, Lukas performs regular backups, but unless files are restored, it is likely some data has been lost -- a dangerous idea in the world of healthcare.

Klinikum Arnsberg spokesperson Richard Bornkeßel told the publication they too are ransomware victims, and the malware was able to enter IT systems through an email which contained a virus. A quick response has saved this hospital from vast amounts of damage -- the virus was detected in one server, and immediately the other 199 servers used by the hospital were switched off to prevent the malware spreading.

While individuals become victims of ransomware such as Cryptowall and TeslaCrypt every day, eventually, security companies are often able to produce free software which unlocks systems. However, in cases where malware has infected key community services, the quickest way is simply to pay the ransom.

This is unfortunate as you would be paying for criminal enterprises, but a country's healthcare systems are needed and files often irreplaceable.

Neither hospital has bowed to the cybercriminal's demands and paid the ransom. DW says it will "take weeks" for systems to be up and running again.