Maryland hospital group hit by ransomware launched from within [Updated]
Baltimore’s Union Memorial is one of the hospitals hit by Samsam, an autonomous ransomware strain spread by exploiting JBoss servers. (credit: MedStar)
Baltimore’s Union Memorial Hospital is the epicenter of a malware attack upon its parent organization, MedStar. Data at Union Memorial and other MedStar hospitals in Maryland have been encrypted by ransomware spread across the network, and the operators of the malware are offering a bulk deal: 45 bitcoins (about $18,500) for the keys to unlock all the affected systems.
Reuters reports that the FBI issued a confidential urgent “Flash” message to the industry about the threat of Samsam on March 25, seeking assistance in fighting the ransomware and pleading, “We need your help!” The FBI’s cyber center also shared signature data for Samsam activity to help organizations screen for infections. But the number of potential targets remains vast, and the FBI was concerned that entire networks could fall victim to the ransomware.
According to sources who spoke to the Baltimore Sun, the malware involved in MedStar’s outages is Samsam, also known as Samas and MSIL. The subject of a recent confidential FBI cyber-alert, Samsam is a form of malware that uses well-known exploits in the JBoss application server and other Java-based application platforms. As Ars reported on Monday, Samsam uses exploits published as part of JexBoss, an open-source security and penetration testing tool for checking JBoss servers for misconfiguration.