A new ransomware campaign has targeted a not-for-profit cancer services organisation, the Little Red Door. The organization provides a number of cancer support services, including diagnostics and treatment.
The system at the agency was infected by a ransomware last Wednesday, January 11, 2017, at around 10:00 PM.
According to the Associated Press a ransomware infected its server and demanded a 50 bitcoin ransom (roughly US$44,000) in order to decrypt the files.
“A ransomware group has infected the computers of an Indiana-based cancer agency and have asked for a large payment of 50 Bitcoin ($44,800).” reported Bleepingcomputer.com.
“The victim is Cancer Services of East Central Indiana-Little Red Door, an organization that helps “reduce the financial and emotional burdens of those dealing with a cancer diagnosis.“”
The Little Red Door Executive director, Aimee Fant, confirmed that data of the organization was stored in unspecified cloud storage.
The singularity of this specific ransomware attack it the fact crooks demanding the ransom directly to the cancer agency’s staff via phone and email.
“First, they sent text messages to the agency’s Executive Director, President, and Vice President phones, and then they sent a standardized “form letter” via email. The emails contained detailed payment instructions, but also several threats.” added bleepingcomputer.com.
According to the cancer agency’s Executive Director Aimee Fant, the group threatened to contact family members of living and deceased cancer clients, donors and community partners.
The organization, of course, will not pay the ransom because its money has to be used to provide the necessary services to cancer patients and their families.
“The agency will not raise money to pay the criminals’ ransom,” Fant said.
This is really a sad story, the organization has no choice, it has to replace the infected server and store the old one in the hope a security firm or law enforcement will find decryption keys during their operations.
The agency plans to replace the server with a “secure cloud-based” platform and hopes to be restored operations within the week.
The attack was reported by the organization to the FBI.
(Security Affairs – ransomware, cybercrime)