A month after a Los Angeles hospital was crippled by crypto-ransomware, another hospital is in an "internal state of emergency" for the same reason. Brian Krebs reports that Methodist Hospital in Henderson, Kentucky, shut down its desktop computers and Web-based systems in an effort to fight the spread of the Locky crypto-ransomware on the hospital's network.
Yesterday, the hospital's IT staff posted a scrolling message at the top of Methodist's website, announcing that "Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web-based services. We are currently working to resolve this issue, until then we will have limited access to web-based services and electronic communications." As of this morning, the message has been taken down from the site.
Methodist Hospital's information systems director told Krebs that the Locky malware, which came in as an attachment to a spam e-mail, attempted to spread across the network after it had infected the computer it was triggered on. Locky has been known to use malicious scripts in Microsoft Office documents as a means of infecting victims' computers. The malware succeeded in infecting several other systems, prompting the hospital staff to shut down all the hospital's computers. Each PC is brought back online individually after being scanned for telltale signs of Locky while off the network.