Nursing homes affected by ransomware infection. Hackers demand 14M USD payment

Over a hundred nursing homes in the US have had their operations crippled because the company that provides them with technology services has become the victim of a severe ransomware infection. According to information security specialists, the threat actors, allegedly Russian hackers, are demanding a ransom of more than $14 million USD.

The affected company is Wisconsin-based Virtual Care Provider, which provides Internet connectivity and data storage services to these senior care centers. In some of the affected facilities, medical and administrative staff are unable to use the Internet or access payroll and medical history systems.

In a statement on its website, the company said that its information security teams are working to restore services that have been interrupted since November 17, the day the infection was triggered: “About 80k computers were infected by this ransomware,” the statement, signed by Karen Christianson, executive director of Virtual Care Provider, says.

The executive director added that it is highly likely that some of the affected facilities will go out of business, forcing a transfer of patients to other care facilities, as many of them require special care that cannot be provided in these facilities for now.

Information security specialist Alex Holden, from local security firm Hold Security, is one of the main people responsible for investigating this incident. He claims that a well-known group of Russian hackers is behind the attack, which succeeded after a phishing campaign of more than a year: “Some employees of the company interacted with these fraudulent emails for months; eventually, the malware infiltrated the company’s networks, giving hackers full access to their systems to exploit any security weaknesses,” he says.

In his report, Holden mentions that the hackers even took the time to disable some security measures on the company’s networks, such as antivirus tools, in order to spread the infection to a large number of machines. Eventually, the attackers accessed the company’s administrator accounts, gaining full control of its systems and deleting backups to prevent the company from restoring its systems without paying the ransom.

Upon completion of the infection, the attackers sent a ransom note to the company, revealing their demand of $14 million USD in Bitcoin in exchange for restoring access to its systems. “Virtually all the information held by the company was deleted,” Holden says.

According to information security specialists from the International Institute of Cyber Security (IICS), this is a catastrophic scenario for Virtual Care, as the hackers surely assumed that it was a large company. It is actually a small company that works with the computers of many other companies, so paying a $14M USD ransom is out of its reach. As if that were not enough, the attackers removed its backups, so the company will lose all of its information and the hackers will not make any profit, as Virtual Care simply does not have enough resources.

For the time being, Virtual Care has notified its customers that a hundred physical servers will need to be rebuilt, a process that will be expensive and take considerable time; however, this is the only viable option for the company, as there is no longer any way to recover the lost information.
