An incident that can only be described as strange occurred in Hong Kong last month when an unknown attacker used ransomware to lock up three computers owned by the country’s main healthcare provider, only to leave an email address where he could be reached to offer the decryption keys.
Established in 1939, Hong Kong’s Department of Health issues healthcare policies and provides basic healthcare services in the fourth-most densely populated region in the world.
As reported by the South China Morning Post, soon after Singapore’s SingHealth incurred the country’s biggest data breach, Hong Kong’s Department of Health became the latest victim of a cyberattack. Three of its computers were infected with ransomware, prompting police to open an investigation.
The attacker(s) targeted computers at the Infection Control Branch, Clinical Genetic Service and Drug Office. The three departments were reportedly infiltrated in the two weeks since July 15.
“Files stored on the computers were encrypted by ransomware, and an email address to contact for a decryption key was left behind, but no ransom was demanded,” a spokeswoman told the press.
After infecting a targeted system, ransomware operators typically leave a Bitcoin wallet address where victims can dump a specified amount of digital currency in exchange for the decryption keys. That was not the case in this instance, though investigators still believe the attackers were after some form of profit.
Not only did the three computers not contain any valuable information, but the data stored on them was also backed up, the spokeswoman confirmed to the press. Furthermore, investigators found no evidence of any data leak.
All in all, this ransomware attempt seems to have had zero consequences for its victims. However, this is just the latest in a long string of attacks targeting the healthcare sector at a global level. Some of the reported cases had dire consequences, both for healthcare providers (HCPs) and their patients.
If this case is any indication, keeping regular offline backups of your data is one of the best ways to thwart ransomware attacks. Not having to give in to a ransom demand is key to discouraging future attempts on your infrastructure.