Hackers have struck an Illinois public health agency at the worst time: A ransomware strain has taken down the website for the Champaign-Urbana Public Health District — right as it’s been trying to inform the public about the coronavirus outbreak.
According to The News-Gazette, cybercriminals are to blame; an administrator for the public health district told the newspaper a ransomware strain called “Netwalker” struck on Tuesday, causing staffers to lose access to the agency’s files.
“The timing is horrible,” Administrator Julie Pryde told The Gazette.
A spokesperson for the agency also confirmed the attack with PCMag. "We are still analyzing our systems to determine how the attack occurred so do not have details at this time. There was a ransom demanded and reluctantly paid. I am not authorized to discuss the amount; however, we do have cyber extortion insurance which I would recommend all organizations look into," she said in a statement.
The incident occurs as security experts have long worried about ransomware attacks striking the health sector, and putting real patients' lives at risk. This happened in the 2017 WannaCry ransomware outbreak, which hit the IT network of hospitals in the UK, forcing the cancellation of 19,000 appointments.
Last year, ransomware attacks against the health sector were prolific, with at least 759 healthcare providers hit, according to the security firm Emsisoft.
The attacks work by infecting a computer, and encrypting all the files on board. To free the computer, the victim has to pay a ransom. In many cases, the attacks can also spread across a network in an attempt to infect other machines and hold them hostage, resulting in ransoms in the thousands or even millions of dollars.
The Netwalker strain (also known as MailTo) appears to be relatively new, but it grabbed headlines last month for striking an Australian transportation and logistics company. According to security experts, Netwalker might be arriving via phishing emails loaded with malware or through hackers breaking into online accounts secured with weak passwords.
In the meantime, the agency has been using its Facebook page to communicate to the public about the ongoing coronavirus outbreak, which has spread to more than 1,300 cases in the US. It’s also created a temporary website with information about the coronavirus.
Further Reading
- Google Researchers Find Design Flaw in Avast Antivirus
- 'Wormable' Windows 10 Flaw Accidentally Leaks Before Patch Is Ready
- 2 Attendees at Last Month's RSA Cybersecurity Show Now Have Coronavirus
- Microsoft Cripples Necurs Botnet by Predicting Its Communication Patterns
- More in Security