The Maryland ransomware attack at the MedStar Union Memorial Hospital in Baltimore, made public on March 31st, woke up the medical community. Doctors, nurses and other staff now understand more than ever how crucial it is to have hack-proof IT security systems.
The Samsam exploit that has the MedStar system in fear right now is so serious that it warranted an FBI flash warning. This threat could spread throughout an entire JBoss server and infect millions of applications. Hackers have found a way to accomplish their damaging mission by integrating intrusive malware into JexBoss, a routine JBoss server checking tool.
In other words, a scanning tool meant for the benefit of more than two million MedStar systems is being executed as malware. These exploits exist in the JBoss Management Console, particularly when JBoss’s default installation settings are used. At this time, the Samsam threats primarily target Windows machines, not Linux machines.
Once an unsecured server is compromised, there is no way to access the JBoss command and control panel for repair. This ransomware then continues to spread like a self-replicating worm. It causes changes within proxy servers that result in harvesting Windows usernames and passwords from individual workgroup users.
After implanting ransomware to gain Windows administrative access, hackers have free rein and can even keep computer users from accessing data. This ransomed information is then held by “kidnappers” and only revealed for a large sum of money. In this case, the MedStar hackers are demanding 45 bitcoins, which equals approximately $18,500 in United States dollars.
Besides being used to demand ransom money to restore servers, the Samsam threat could possibly be used to steal patient information. A main motive for this is to impersonate a stranger to gain access to financial account numbers. However, this exploit could have more serious implications.
In addition to financial loss, malware implants can cause software used to run hospital machines to fail. When this happens, it could cost lives and could even result in an entire hospital having to close its doors. This kind of problem can in turn affect an entire community, especially if no other medical service is found less than 30 miles from a person’s home.
The first step toward helping walk-in clinics, doctors’ offices and other medical facilities prevent data breaches will be to upgrade their servers. This involves setting up new IT network shields against attacks not yet known by ransomers. It also might require stricter interoffice workspace security in case an inside threat occurs.
IT specialists are working around the clock to prevent financial loss caused by ransomware. They are even communicating with the FBI to forge the latest security updates as soon as possible. In the meantime, all medical centers are advised not to share any information with unknown parties. Advanced encryption will also be needed to prevent further automatic collection of Windows usernames and passwords.