Bit Paymer ransomware behind NHS Lanarkshire attack
Many hospitals belonging to the NHS Lanarkshire board were infected on Friday (August 25) by a variant of the Bit Paymer ransomware.
The ransomware is installed after attackers perform brute-force attacks on exposed RDP endpoints. After gaining access to a compromised system, the attackers move laterally through the breached network and install Bit Paymer manually on each compromised system. Bit Paymer then encrypts all the files with a combination of the RC4 and RSA-1024 encryption algorithms.
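How the RDP brute-force stage described above can be spotted in logon records, as an added example that is not part of the original article: it flags a source address with a burst of failed RDP logons and records whether a successful logon from the same address follows. The events, addresses, account names, threshold and time window are constructed assumptions; the event IDs and logon types are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the incident), shaped like fields of
# Windows Security log records: 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); with NLA, RDP failures often log as type 3.
T0 = datetime(2024, 1, 1, 12, 0, 0)
RDP_LOGON_TYPES = {3, 10}

def _ev(sec, event_id, logon_type, ip, user):
    return {"time": T0 + timedelta(seconds=sec), "id": event_id,
            "logon_type": logon_type, "ip": ip, "user": user}

SAMPLE_EVENTS = (
    # Burst of failures, then a success: guessing that worked.
    [_ev(i * 10, 4625, 3, "203.0.113.7", "administrator") for i in range(8)]
    + [_ev(90, 4624, 10, "203.0.113.7", "administrator")]
    # One mistyped password followed by a normal logon: benign.
    + [_ev(20, 4625, 10, "198.51.100.4", "jsmith"), _ev(40, 4624, 10, "198.51.100.4", "jsmith")]
    # Failures spaced ten minutes apart never fill the five-minute window.
    + [_ev(i * 600, 4625, 3, "192.0.2.9", "backup") for i in range(6)]
)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failed RDP logons inside `window`,
    and record the first account that later logs on from the same source."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = {}                     # source IP -> alert record
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip, ts = ev["ip"], ev["time"]
        if ev["id"] == 4625:
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > window:      # drop failures older than the window
                recent.popleft()
            if len(recent) >= threshold and ip not in alerts:
                alerts[ip] = {"ip": ip, "first_failure": recent[0], "compromised_user": None}
        elif ev["id"] == 4624 and ip in alerts and alerts[ip]["compromised_user"] is None:
            alerts[ip]["compromised_user"] = ev["user"]   # success after a flagged burst
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert with a non-empty `compromised_user` is the case to escalate first, since it marks the point from which lateral movement could begin.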
Security experts detected the Bit Paymer ransomware on the computer network on Friday afternoon, which led to some appointments and procedures being cancelled. The health board said that all of the affected systems have now been restored.
Chief executive Calum Campbell said: “We have identified the source of the malware and investigations are ongoing as to how this was able to infiltrate our network.
“Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems have been affected and these are in the process of being fixed.
“Unfortunately a small number of procedures and appointments have been cancelled as a result of the incident.”
Sadly, there’s currently no way to recover files locked by the Bit Paymer ransomware.
What is Ransomware?
Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, traveled automatically between computers without user interaction.