|
If you see this message.
The move to a new host has completed
|
|
|
Posts: 2,316
Joined: April 2011
|
|
#69110
05/25/2016 5:56 PM
|
Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
|
OP
G Member
Joined: Apr 2011
Posts: 2,316 Likes: 2 |
Negotiating with criminals doesn't always work out, as Kansas Heart Hospital in Wichita learned last week. The hospital paid to get files back after falling victim to ransomware, but only got "partial access" and a demand for more money, Techspot is reporting.
That's right: the criminals got their ransom, and then decided they wanted more money. The hospital's president, Dr. Greg Duick says the hospital is not paying up.
"I'm not at liberty, because it's an ongoing investigation, to say the actual exact amount," said Duick. "A small amount was [paid]."
The hospital had a plan for this sort of attack, and it's not clear why it didn't work. Without more details from Kansas Heart, it's hard to say. But there's at least one bright side.
|
|
|
|
|
Joined: Nov 2006
Posts: 2,084
Member
|
|
Member
Joined: Nov 2006
Posts: 2,084 |
I wonder if this was the "Locky" ransomeware. The email looks like a request for payment with an attachment "invoice". When you open the attachment, it asks you to allow macros. If you do, it encrypts your files and demands payment to unlock, usually in bitcoin.
It has come to several of our office emails, including an email linked to our Updox workspace. Fortunately none of our staff have fallen for it.
John
Internal Medicine
|
|
|
|
|
Joined: Sep 2003
Posts: 12,856 Likes: 32
Member
|
|
Member
Joined: Sep 2003
Posts: 12,856 Likes: 32 |
MalwareBytes recommends strongly that you NOT pay the ransom. Of course, with a hospital that may not be so easy.
The FBI, which until now, did not have a stance either way has come out and urged people NOT to pay the ransom.
It doesn't seem good for business for the criminals to not send the encryption key. Just this story alone would convince many people not to pay.
I could see falling for the attachment, but then enabling macros. That's crazy.
Bert
Pediatrics
Brewer, Maine
|
|
|
|
|
Joined: Sep 2010
Posts: 362 Likes: 6
Member
|
|
Member
Joined: Sep 2010
Posts: 362 Likes: 6 |
I'm trying to educate my staff on these threats. I have everyone including myself loggin in as a standard user (non-administrator). How much does that help to protect us?
For attachment macro attacks should we be specifically disabling them somewhere in Office? And can any non-administrator "enable" macros?
Of course I've instructed staff to not open attachments in general unless really sure of the source.
We apply all our microsoft, adobe reader, java patches promptly.
Backups including disconnected drive.
Anything else for prevention recommended?
Larry
Solo IM
Midwest
|
|
|
|
0 members (),
34
guests, and
13
robots. |
|
Key:
Admin,
Global Mod,
Mod
|
|
|
|
.png "ACUF Donor I")
