A ransomware affects some clinics of the Baltimore area, the ransom is promotional

Ransomware and medical clinics, a story that repeats itself: after the affair at Hollywood Presbyterian Medical Center, who in February has been forced to pay a ransom of 40 Bitcoin (about $ 17,000) in order to free up their information systems taken hostage by a ransomware, this time it's up to the MedStar Health company that has had to put offline by some hospitals in Baltimore systems.

A spokesman for MedStar said: "The MedStar Health IT systems have been affected by a virus that prevents some users to connect to our systems. MedStar acted quickly with a decision to place offline all interface systems to prevent the virus from spreading inside the organization. we are working with our iT partners and Cyber-security to assess and manage the situation. "

According to available information about 30,000 employees and more employees 3,000 affiliated physicians have been unable to access patient database, check email or look up phone contacts. Patients, in turn, they could not book appointments for diagnostic services.

The case was investigated by the Cisco Research Talos security researchers who have identified a new category of crypto-ransomware specially designed to attack vulnerable server, the latter incidentally widespread in the health sector. And this is the main difference with each other at the Hollywood Presbyterian Medical Center, where the infection spread through a standard phishing attack via email.

In particular it comes to web servers running JBoss, which can be attacked by malware baptized "Samsam" that exploits a vulnerability in one of the open source tools for JBoss. Once the malware is able to find a place on the server, it spreads on all Windows machines connected to the same network. The researchers believe that this approach could also be extended to other server resources, such as WordPress or other content management systems, in a natural evolution of ransomware threat.

What happened, however, it is a symptom of what is happening in all those organizations where IT is not the core business. The reality is that almost every society, like it or not, is becoming a reality and all IT industry witnessing an increasingly massive use of technologies for the management of information. Many of them, however, are not ready to face the challenges that lie before us. What happens is that many companies adopt an "approach fire and forget", setting up information systems at the time the assembly and leaving them unmanaged. The problem is obviously more effective in the health sector, since a failure in a hospital can make the difference between life and death.

Meanwhile the criminals behind the attack malware required to MedStar Health ransom with a formula "promotional": 3 Bitcoin ($ 1,250) for the key of a single computer, or 45 Bitcoin (about $ 18,500) for the release key of all infected systems.