New ransomware holds medical records with hostile encryption

The Miami Family Medical Center in Queensland is holding its position, refusing to pay. It took the drive offline, but the inaccessibility means that everything from verifying a patient’s prescription to cross-referencing recent pathology results has become a chore for the center. That puts the $4,200 in perspective: surely a small cost to get the business running again?

"Cyber criminals based mainly throughout Eastern Europe look for rich targets, places with identifying information to extort," Nigel Phair, director of Australia's Center for Internet Safety, told Australia’s ABC News. "It's similar to traditional fraud in that you keep the value low and the volume high, so you can get $4,000.”

Phair also noted that the clinic is running out of avenues forward, since the hackers will not be easy to trace and local help from Russian authorities is unlikely. "At this point, most probably, their only option is to pay," he told ABC. "Though that's not the best option because as we know from extortion that once you pay they'll follow that up."

For instance, the group may only agree to decrypt part of the data, demanding another payment.

The facility is still at a loss for how the breach occurred in the first place. "We've got all the antivirus stuff in place – there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software," clinic co-owner David Wood told Australia's ABC News.

Miami Family isn’t the first to be attacked in Oz. In September, police issued a notice that four other Queensland medical centers were hit, along with other businesses. The data was encrypted and a ransom of $3,000 was then demanded, increasing by $1,000 a day until paid.

Nonetheless, security researchers find the events to be a new wrinkle on an old shirt when it comes to typical ransomware campaigns. “This strikes us as an interesting development as most of the ransomware we've seen during 2012 has been focused on locking out individuals from their desktops,” wrote Sean Sullivan, security advisor at F-Secure Labs, in a blog post.

However, he’s not surprised, exactly. “There have been numerous ‘hacktivist’-driven breaches during 2012, including ones involving sensitive medical records,” he noted. “It really is not much of a surprise, or it shouldn't be, that some criminals have developed ways to profit from the same sort of hacker activity. Is this the beginning of a trend which we'll see outside of Oz in 2013?”
