
Bit Paymer ransomware behind NHS Lanarkshire attack


 

Many hospitals that are members of the NHS Lanarkshire board were infected on Friday (August 25) by a variant of the Bit Paymer ransomware.

The ransomware is installed after attackers perform brute-force attacks on exposed RDP endpoints. After gaining access to a compromised system, the attackers move laterally across the breached network and install Bit Paymer manually on each compromised system. Bit Paymer then encrypts all files using a combination of the RC4 and RSA-1024 encryption algorithms.
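A defender can look for this sequence in Windows logon events: a burst of failed logons from one source, a successful RDP logon from that same source, then RDP logons that originate from the newly accessed host. The following is an added example, not part of the original article; the CSV layout, the `HOST_IPS` inventory, the thresholds and the sample events are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real data): simplified CSV export of Windows Security
# events as time,host,event_id,logon_type,source_ip,user.
SAMPLE = """\
2017-08-25T13:00:01,GW01,4625,3,203.0.113.7,admin
2017-08-25T13:00:04,GW01,4625,3,203.0.113.7,admin
2017-08-25T13:00:09,GW01,4625,3,203.0.113.7,administrator
2017-08-25T13:00:15,GW01,4625,3,203.0.113.7,backup
2017-08-25T13:00:21,GW01,4625,3,203.0.113.7,admin
2017-08-25T13:00:30,GW01,4624,10,203.0.113.7,admin
2017-08-25T13:05:00,FS02,4624,10,10.0.0.50,jsmith
2017-08-25T13:20:00,FS02,4624,10,10.0.0.5,admin
"""
HOST_IPS = {"GW01": "10.0.0.5", "FS02": "10.0.0.6"}  # assumed asset inventory


def detect(text, window=timedelta(minutes=5), threshold=5):
    """Return (kind, time, host, source_ip, user) alerts in log order."""
    fails = defaultdict(deque)  # (host, source_ip) -> recent failure times
    breached_ips = set()        # internal IPs of hosts an attacker logged on to
    alerts = []
    for ts, host, eid, ltype, src, user in csv.reader(io.StringIO(text)):
        now = datetime.fromisoformat(ts)
        recent = fails[(host, src)]
        while recent and now - recent[0] > window:
            recent.popleft()  # drop failures outside the sliding window
        # 4625 = failed logon; RDP failures show as type 10, or type 3 with NLA
        if eid == "4625" and ltype in ("3", "10"):
            recent.append(now)
        # 4624 type 10 = successful RemoteInteractive (RDP) logon
        elif eid == "4624" and ltype == "10":
            if len(recent) >= threshold:
                alerts.append(("rdp-bruteforce-success", ts, host, src, user))
                breached_ips.add(HOST_IPS.get(host))
            elif src in breached_ips:
                alerts.append(("rdp-lateral", ts, host, src, user))
                breached_ips.add(HOST_IPS.get(host))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The routine logon by `jsmith` raises no alert because it has no preceding failure burst and does not come from a host already flagged.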

Security experts detected the Bit Paymer ransomware on the computer network on Friday afternoon, which led to some appointments and procedures being cancelled. The health board said that all of the affected systems have now been restored.


Chief executive Calum Campbell said: “We have identified the source of the malware and investigations are ongoing as to how this was able to infiltrate our network.
“Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems have been affected and these are in the process of being fixed.
“Unfortunately a small number of procedures and appointments have been cancelled as a result of the incident.”

Sadly, there’s currently no way to recover files locked by the Bit Paymer ransomware.

 

What is Ransomware?

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.


In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, traveled automatically between computers without user interaction.
