Locky ransomware infects computers at New Zealand hospital

Feb 24, 2016 19:45 GMT

A spokesperson for the Whanganui District Health Board has acknowledged that ransomware has infected the computer systems of one of its hospitals.

Whanganui District Health Board's Information and Communications Technology Manager Barry Morris has confirmed that the infection was caused by the Locky ransomware family.

Mr. Morris says the incident took root yesterday, February 23, and that the hospital has not yet paid a ransom. A similar incident happened at the Hollywood Presbyterian Medical Center in Los Angeles, where the hospital's board agreed to pay $17,000 / €15,000 to get rid of the ransomware.

Locky ransomware was first seen a week ago by security analysts from Palo Alto Networks. Although quite new, the ransomware is already considered one of the most advanced pieces of crypto-ransomware around and is currently undecryptable.

The Locky ransomware also caught the researchers' attention after its operators used an aggressive spam campaign to spread it around the world. Palo Alto researchers add that the ransomware was actually distributed by one of the criminal groups previously involved with the Dridex banking trojan botnet.

The ransomware uses altered Word documents to infect users' computers and can also infect unmapped network drives, something many ransomware families can't do.

As the week passed, Palo Alto's discoveries were reinforced by similar sightings, like the one from Heimdal Security, which also noticed the aggressive spam campaign.

The Whanganui District Health Board's hospital is the first high-profile target infected by this ransomware, but we doubt it will be the last.