Ransomware attacks Indonesia's largest cancer hospital

Ransomware attacks Indonesia's largest cancer hospital
The cyber attacks controlled the computer system and blocked access to data until the computer owner paid the ransom.
PHOTO: Pixabay

Ilham Negara, who was taking his girlfriend's mother for surgery at Dharmais Cancer Hospital in West Jakarta on Saturday morning, was perplexed when he discovered he could not get a queue number for admission.

Suffering from stage 2 cervical cancer, his girlfriend's mother was scheduled for surgery on Monday and was advised to stay at the hospital for two days prior to the surgery.

When Ilham proceeded to take the queue number he was greeted by an unusual message on the computer's display saying "Ooops, your files have been encrypted!".

The red background display was equipped with a digital timer to inform the reader how many hours were left before the files were deleted by the hacker, as well as a ransom statement, which stated they must send US$300 (S$421) worth of bitcoin, or around Rp 4 million (S$421) to a site address to recover the encrypted files.

Puzzled, Ilham tried to search for it on the internet only to discover the hospital was among those to have fallen victim to ransomware WannaCry that had attacked over 100 countries.

Ilham had to wait for three hours to finish the registration as the administration had to do it manually.

His girlfriend's mother finally entered her room at 11 a.m.

"I cannot imagine what will happen on Monday, when more patients come to register at the hospital. They are cancer patients, if they are in a more severe condition, it must be troublesome for them to wait in line for longer periods of time," he said on Sunday.

The cyber attacks controlled the computer system and blocked access to data until the computer owner paid the ransom.

Among those that have been reportedly under attack were Britain's public health system, the Russian Interior Ministry as well as businesses like international shipper FedEx and automotive manufacturer Nissan.

Widi Budianto, the hospital's head of information and technology, said the ransomware had locked access to patients' medical records and medical bills in around 600 computers in the country's largest cancer treatment centre.

"This is the second day since the attack occurred and we have checked and isolated 70 per cent of our computers," Widi said.

Widi who learned about the first attack on Saturday at 5 a.m. said that as the hospital always backed up its data they were not too worried.

But service at the hospital is expected to be slower than usual as it may have to operate manually on Monday.

"On Monday, when the patients' traffic is at its peak, there may be some clogged queues for patient services at the hospital since everything will be done manually," hospital director Abdul Kadir said on Sunday.

He said the situation might prolong patients' waiting time and slow down the patient handling process.

The communications and information minister visited the hospital on Saturday to observe the situation.

"This is a severe attack, but we are sure we are on top of it, and we are still trying to minimise the impacts of the attack," said Minister Rudiantara on Sunday, "Indonesia got attacked, yes, but the attack in our country is not the most severe."

The ministry has also disseminated instructions on what to do when the attacks happen, including updating the security on Windows by installing Patch MS17010, disabling macros and SMB v1 functions, and disconnecting LAN cable and internet connection from computers.

The ministry also asked everyone to remain calm if they are being attacked and to consult with the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) or seek online consultation at nomoreransom.org

Adi Jaelani of ID-SIRTII said that WannaCry victims were those who used Windows 8 or any windows system operations before that and had not updated the patch.

"Whatever happens, don't pay the ransom," Adi said.

There is no guarantee that the hacker will give the decrypts after the victim pays the money.

On the contrary he might ask for more money, he added.

Sr. Comr. Fadil Irman, the head of the National Police's cybercrime unit said that the police would collaborate with international law enforcement and Microsoft representatives to solve the cyber crime attack.

More about

Hacking virus
Purchase this article for republication.

BRANDINSIDER

SPONSORED

Most Read

Your daily good stuff - AsiaOne stories delivered straight to your inbox
By signing up, you agree to our Privacy policy and Terms and Conditions.