In South Carolina, the Horry County school district discovered its computers were encrypted with malware, which held valuable files on students and personnel to ransom. The hackers demanded $8,500, again in Bitcoin, to restore access to the files. The schools’ administration has approved the payment of the ransom and it’s now setting out to buy up some Bitcoin to pay off the culprits.
Meanwhile this week in Arizona, the Superior Court in Pima Country was struck by a similar attack. The malware is believed to have been downloaded unwittingly by an employee, which is a pretty common way of introducing the malware to the network. The court was luckier than the South Carolina schools as the according to the court its IT team was able to isolate the malware and retrieve files without having to pay any ransom.
Even a church in Oregon was hit. The Community of Christ Church in Hillsboro paid up $570 this week to decrypt its data. “We began the process of figuring out what we can do about it and discovered that the only thing we could do was to pay the ransom,” said the pastor, who struggled with figuring out how to use Bitcoin. He’s finding a number of files that are encrypted despite paying the fee.
This all fits into a developing trend. and not just in the U.S. Hospitals in Germany were targeted this month, too. The first incident took place at Lukas Hospital in the city of Neuss two weeks ago where the ransomware made its way into the system and encrypted patient data.
Now the hospital is in old school lockdown with patients and visitor told to avoid emailing and stick with phone calls or even faxing if they need to get in touch.
“We then pulled the plug on everything,” said a hospital spokesperson upon finding out about the virus. “Computers, servers, even the email server, and we went offline.” While the hospital had the foresight to keep its data backed up, the attack is still causing a major disruption to staff. No figure has been demanded by the perpetrators as of yet.
Just two days later another German hospital, this time in North Rhine-Westphalia, fell victim to a similar strain of ransomware but it remains unclear if the two attacks are at all related. In this case, just one of 200 servers was infected, and the hospital has a backup, which reiterates how vital it is for companies (and individuals) to have a secure backup.
Ransomware has been around for a number of years, but the last few months have seen stark increase in ransomware activity. Users should be careful to keep backups on hand, and to keep up to date with the latest security releases. A backup can not just save you from having to pay, but also from losing files. As in the case of The Community of Christ Church, the decryption promised by ransomware doesn’t always occur when the ransom is paid.
