Nursing homes affected by ransomware infection. Hackers demand 14M USD payment

Over a hundred nursing homes in the US have had their operations crippled because the company providing them with technology services has become victim of a severe ransomware infection. According to information security specialists, threat actors, allegedly Russian hackers, demand a ransom of more than $14 million USD.

The affected company is Wisconsin-based Virtual Care Provider, which grants Internet connection and data storage services to these senior care centers. In some of the affected facilities, medical and administrative staff is unable to use the Internet, access payroll and medical history systems.

Through a statement on its website, the company mentioned that its information security teams are working on restoring services interrupted since November 17, the day the infection was triggered: “About 80k computers were infected by this ransomware,” the statement, signed by Karen Christianson, executive director of Virtual Care Provider, says.

The executive director added that it is highly likely that some of the affected facilities will go out of business, forcing a transfer of patients to other care facilities, as many of them require special care that cannot be provided in these facilities for now.

Information security specialist Alex Holden, from local security firm Hold Security, is one of the main responsible of the investigation of this incident, and claims that a well-known group of Russian hackers is behind the attack, which succeeded after a phishing campaign of more than a year: “Some employees of the company interacted with these fraudulent emails for months; eventually, the malware infiltrated the company’s networks, giving hackers full access to their systems to exploit any security weaknesses,” he says.

In his report, Holden mentions that hackers even took the time to disable some security measures on the company’s networks, such as antivirus tools, to spread the infection to a large number of machines. Eventually, the attackers accessed the company’s administrator accounts, gaining full control of their systems to delete backups, trying to prevent the company from being able to restore its systems without paying the ransom.

Upon completion of the infection, the attackers sent a ransom note to the company, revealing its $14 million USD in Bitcoin demand in exchange for regaining access to their systems. “Virtually all the information held by the company was deleted,” Holden says.

According to information security specialists from the International Institute of Cyber Security (IICS), this is a catastrophic scenario for Virtual Care, as hackers surely deduced that it was a large company. It’s actually a small company that works with the computers of many other companies, so paying a $14M USD ransom is out of its reach. As if that were not enough, the attackers removed their backups, so that the company will lose all their information and the hackers will not make any profit, as Virtual Care simply does not have enough resources.

For the time being, Virtual Care has already notified its customers that a hundred physical servers will need to be rebuilt, a process that will take considerable time, in addition to being expensive; however, this is the only viable option for the company, as there is no longer any way to recover the lost information.