MedStar, the health network of 10 Maryland hospitals struck by a ransomware attack last week, has now reportedly brought all its systems back online without paying attackers. But a MedStar spokesperson denied reports that the attack was made possible because the health provider’s IT department failed to make fixes to systems that had been issued years ago. Ars will publish an in-depth analysis of the techniques used by the Samsam ransomware attackers this Friday.
Tami Abdollah of the Associated Press reported Tuesday that an anonymous source “familiar with the investigation” of the cyberattack claimed that the flaws that allowed attackers to compromise a JBoss Web application server and attack the network with Samsam crypto-ransomware had been highlighted in security warnings from JBoss maintainer Red Hat, the US government and others in February 2007, March 2010, and again this month.
MedStar denies that the earlier warnings—including one issued as a security advisory by Red Hat in April 2010—had anything to do with the attack, according to the findings of a response team from Symantec. “News reports circulating about the malware attack on MedStar Health’s IT system are incorrect,” a MedStar spokesperson said in a statement. “Our partner Symantec, a global leader in cybersecurity, has been on the ground from the start of the situation and has been conducting a thorough forensic analysis, as they have done for many other leading companies around the world. In reference to the attack at MedStar, Symantec said, ‘The 2007 and 2010 fixes referenced in the article were not contributing factors in this event.'”