
DCH hospitals in Alabama have decided to pay the ransom for the Ryuk Ransomware in order to receive a decryptor and get their computer systems back up and running.
On October 1st, 2019, DCH Health System, which includes the DCH Regional Medical Center, Northport Medical Center, and Fayette Medical Center in West Alabama's Tuscaloosa, Northport, and Fayette, was affected by a Ryuk ransomware attack that forced it to shut down its computer systems and to stop accepting new non-emergency patients.
Over the weekend, DCH issued an updated statement regarding the incident and said that some systems were being restored from backups, but that they paid the ransom and purchased the Ryuk decryption key in order to restore access to other encrypted systems.
"In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration. We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems."
DCH has not stated how much they paid for the decryptor, but has confirmed that they have successfully decrypted multiple encrypted servers.
"We have successfully completed a test decryption of multiple servers, and we are now executing a sequential plan to decrypt, test and bring systems online one-by-one. This will be a deliberate progression that will prioritize primary operating systems and essential functions for emergency care. DCH has thousands of computer devices in its network, so this process will take time."
It is currently not known when their systems will be fully online.
Ryuk victims have a small chance of getting free decryption
Security firm Emsisoft recommends that affected victims contact them before paying the ransom as there is a small chance that they may be able to help users decrypt their files using free tools.
Furthermore, it is strongly advised that victims report Ryuk and other ransomware attacks to the FBI, as they can sometimes help with free decryption as well. Sharing information about these attacks will also aid law enforcement in their ransomware investigations.
Victims can report ransomware attacks through the IC3 complaint form or via their local FBI field office.
Comments
Dominique1 - 5 months ago
Isn't publicizing that a ransom had been paid counterproductive to fight this plague? If we give the advice never to pay the ransom, shouldn't we keep the lid on ransom payments?