Many hospitals that are members of the NHS Lanarkshire board were infected on Friday (August 25) by a variant of the Bit Paymer ransomware.
The ransomware is installed after attackers perform brute-force attacks on exposed RDP endpoints. After gaining access to a compromised system, the attackers move laterally through the breached network and install Bit Paymer manually on each compromised system. Bit Paymer then encrypts all the files with a combination of the RC4 and RSA-1024 encryption algorithms.
Security experts detected the Bit Paymer ransomware on the computer network on Friday afternoon, which led to some appointments and procedures being cancelled. The health board said that all of the affected systems have now been restored.
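The following Python code is an added example, not taken from the article or from NHS Lanarkshire's investigation. It shows how a defender could spot the RDP brute-force pattern described above in Windows logon events: a burst of failed remote logons from one source, followed by a success from that same source. The record layout, field names, thresholds and sample events are constructed assumptions, simplified from Security log events 4625 and 4624.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive; 3 = Network (RDP with NLA)
T0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed base time

def ev(sec, event_id, ip, user, logon_type):
    """Build one constructed, simplified Security-log record."""
    return {"time": T0 + timedelta(seconds=sec), "event_id": event_id,
            "ip": ip, "user": user, "logon_type": logon_type}

# Constructed sample: 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = (
    [ev(20 * i, 4625, "203.0.113.50", "administrator", 3) for i in range(6)]
    + [ev(130, 4624, "203.0.113.50", "administrator", 10),  # success after burst
       ev(50, 4625, "198.51.100.7", "jsmith", 10),          # one mistyped password
       ev(70, 4624, "198.51.100.7", "jsmith", 10),
       ev(60, 4625, "-", "kiosk", 2)]                       # console logon: ignored
)

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed remote logons inside `window`,
    and record the account if a success from the same IP follows the burst."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerts = {}                     # ip -> alert record
    for e in sorted(events, key=lambda x: x["time"]):
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue
        recent = failures[e["ip"]]
        while recent and e["time"] - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if e["event_id"] == 4625:
            recent.append(e["time"])
            if len(recent) >= threshold:
                alert = alerts.setdefault(
                    e["ip"], {"ip": e["ip"], "failures": 0, "success_after_burst": None})
                alert["failures"] = max(alert["failures"], len(recent))
        elif e["event_id"] == 4624 and e["ip"] in alerts and recent:
            alerts[e["ip"]]["success_after_burst"] = e["user"]
    return list(alerts.values())

if __name__ == "__main__":
    for a in find_rdp_bruteforce(SAMPLE_EVENTS):
        print(a)
```

An alert with a non-empty `success_after_burst` is the case to escalate first, since it matches the point at which the attackers in this incident would have gained their initial foothold.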
Chief executive Calum Campbell said: “We have identified the source of the malware and investigations are ongoing as to how this was able to infiltrate our network.
“Our staff have worked hard to minimise the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved. A small number of systems have been affected and these are in the process of being fixed.
“Unfortunately a small number of procedures and appointments have been cancelled as a result of the incident.”
Sadly, there’s currently no way to recover files locked by the Bit Paymer ransomware.