Ransomware attack in Mysuru private hospital
Mysuru: The main financial server and patient data of a private hospital in Mysuru were hacked by unknown persons who demanded a ransom in bitcoin, following which the hospital authorities approached the Cybercrime, Economic offences and Narcotics (CEN) Police.
An FIR was registered by the police. The hackers who stole the data left a message where they asked for a ransom amount in bitcoin, as per a media report in the Times of India.
According to a media report in the Star of Mysore, the issue came to light after hospital employees complained of computer access problems. Team members then began looking for malicious software and found a file containing instructions to contact the perpetrators of the cyberattack.
The hospital officials realized that their main financial server and patient data had been hacked, and that a message had been left seeking a ransom in bitcoin. Those responsible for the attack held the data hostage, demanding a payment in bitcoin.
However, the hospital did not lose a lot since it had a data backup on hard disks, which has been used to resume the functions at the hospital.
DCP Pradeep Gunti stated that they have registered an FIR, with the investigation still going on. The complaint was filed by the hospital's chief security officer at the Cybercrime, Economic offences and Narcotics (CEN) Police Station in Nazarbad.
The City Police Commissioner Dr. Chandragupta further confirmed that an FIR was registered on November 19 with Inspector Shekhar and the team leading the investigation.
He said, "We have heard of such ransomware attacks from elsewhere but this is for the first time such an incident has been reported in Mysuru and that too in a reputed hospital." They are looking into the complaint as per procedure, he said.
A security researcher from the city, Ehraz Ahmed, pointed out that a security check should be conducted periodically, which is the only way to prevent such attacks.
He said that antivirus software should be updated from time to time. Further, he pointed out that the servers used to store the data should be secured, that there should be a backup plan for all critical and sensitive data, and that access to such data and servers should be restricted.
Ahmed further added that firms should take care not to install and run unwanted third-party software, which would help in keeping the servers secure and preventing any malware from spreading through the network, reports the TOI.
In most such cases, the fraudsters target the data with ransomware, malware that encrypts an infected device and any attached devices or network drives. Following that, they demand a ransom before decrypting the devices.
Many are left with no choice but to pay the ransom to have their devices decrypted if they do not have the required disaster recovery and backup plans.
In most such cases, the ransom is demanded in bitcoin, a form of cryptocurrency in which transactions are irreversible and the owner of a particular bitcoin account can remain anonymous.
It has become the preferred mode of currency for ransomware hackers because of its ability to make transactions accessible while protecting the anonymity of those involved.