Kentucky hospital calls state of emergency in hack attack

Kentucky hospital hit by ransomware
Kentucky hospital hit by ransomware

A Kentucky hospital is operating in an internal state of emergency following an attack by cybercriminals on its computer network, Krebs on Security reported.

Methodist Hospital, based in Henderson, Kentucky, is the victim of a ransomware attack in which hackers infiltrated its computer network, encrypted files and are now holding the data hostage, Krebs reported Tuesday.

The hospital has not responded to CNBC's requests for comment.

The criminals reportedly used new strain of malware known as Locky to encrypt important files. The malware spread from the initial infected machine to the entire internal network and several other systems, the hospital's information systems director, Jamie Reid, told Krebs.

"We essentially shut our system down and reopened on a computer-by-computer basis," David Park, an attorney for the Kentucky healthcare center told Krebs.

The hospital is reportedly considering paying hackers the ransom money of four bitcoins, about $1,600 at the current exchange rate, for the key to unlock the files.

The FBI is reportedly investigating and declined to comment for this story.

This is just the latest hack attack by cybercriminals using ransomware to shut down critical infrastructure, a cyber threat that the FBI warns is on the rise. "Ransomware has been around for several years, but there's been a definite uptick lately in its use by cyber criminals," the FBI warned in a January report.

Participants at a hacking conference.
Virtual extortion a big business for cyber criminals

In February, a California hospital paid a $17,000 ransom to get its files back. In that case, hackers shut down the internal computer system for more than a week, initially demanding a ransom of almost $3.7 million.

Hollywood Presbyterian Medical Center in Los Angeles
The hospital held hostage by hackers

The way ransomware infects computers has also become more effective. When ransomware first emerged, the most common way for computers to become infected was when users opened email attachments containing the malware, the FBI reported.

"But more recently, we're seeing an increasing number of incidents involving so-called 'drive-by' ransomware, where users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive e-mail or pop-up window," the FBI said in its report.

According to the FBI, the way cybercriminals are demanding payment has also changed, from prepaid cards to bitcoin. Hackers prefer bitcoin because of the anonymity the decentralized virtual currency network offers.

A hacker's target could be anything, anyone: Intel Security
A hacker's target could be anything, anyone: Intel Security

With ransomware attacks on critical infrastructure, cybercriminals have found a sweet spot, said security expert Ben Johnson. Hospitals, power companies and government municipalities are often more concerned with getting back online than investigating an attack. They are also often battling on aging computer operating systems with understaffed security teams.

"So they pay, thus encouraging the attackers because it is working," said Johnson, a former NSA employee and co-founder and Chief Security Strategist for Carbon Black.

"Ransomware has done its market research and found its ideal market segment," Johnson said. "Last year, it was that all your health records will be stolen, this year it's that you'll be in the hospital and all the systems will fail."