Please Update your browser

Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.

Jakarta Post

Ransomware attacks nation’s largest cancer hospital

  • News Desk

    The Jakarta Post

Jakarta   /   Mon, May 15, 2017   /   10:18 am
Ransomware attacks nation’s largest cancer hospital Previously called McAfee, Intel acknowledges that it is challenging for cybersecurity professionals to grapple with so much information regarding viruses such as malware, phishing and ransomware. (Shutterstock/File)

Ilham Negara, who was taking his girlfriend’s mother for surgery at Dharmais Cancer Hospital in West Jakarta on Saturday morning, was perplexed when he discovered he could not get a queue number for admission.

Suffering from stage 2 cervical cancer, his girlfriend’s mother was scheduled for surgery on Monday and was advised to stay at the hospital for two days prior to the surgery.

When Ilham proceeded to take the queue number he was greeted by an unusual message on the computer’s display saying “Ooops, your files have been encrypted!”.

The red background display was equipped with a digital timer to inform the reader how many hours were left before the files were deleted by the hacker, as well as a ransom statement, which stated they must send US$300 worth of bitcoin, or around Rp 4 million to a site address to recover the encrypted files.

Puzzled, Ilham tried to search for it on the internet only to discover the hospital was among those to have fallen victim to ransomware WannaCry that had attacked over 100 countries.

Ilham had to wait for three hours to finish the registration as the administration had to do it manually. His girlfriend’s mother finally entered her room at 11 a.m.

“I cannot imagine what will happen on Monday, when more patients come to register at the hospital. They are cancer patients, if they are in a more severe condition, it must be troublesome for them to wait in line for longer periods of time,” he said on Sunday.

The cyber attacks controlled the computer system and blocked access to data until the computer owner paid the ransom. Among those that have been reportedly under attack were Britain’s public health system, the Russian Interior Ministry as well as businesses like international shipper FedEx and automotive manufacturer Nissan.

Widi Budianto, the hospital’s head of information and technology, said the ransomware had locked access to patients’ medical records and medical bills in around 600 computers in the country’s largest cancer treatment center.

“This is the second day since the attack occurred and we have checked and isolated 70 percent of our computers,” Widi said. Widi who learned about the first attack on Saturday at 5 a.m. said that as the hospital always backed up its data they were not too worried.

But service at the hospital is expected to be slower than usual as it may have to operate manually on Monday.

“On Monday, when the patients’ traffic is at its peak, there may be some clogged queues for patient services at the hospital since everything will be done manually,” hospital director Abdul Kadir said on Sunday.

He said the situation might prolong patients’ waiting time and slow down the patient handling process.

The communications and information minister visited the hospital on Saturday to observe the situation. “This is a severe attack, but we are sure we are on top of it, and we are still trying to minimize the impacts of the attack,” said Minister Rudiantara on Sunday, “Indonesia got attacked, yes, but the attack in our country is not the most severe.”

The ministry has also disseminated instructions on what to do when the attacks happen, including updating the security on Windows by installing Patch MS17010, disabling macros and SMB v1 functions, and disconnecting LAN cable and internet connection from computers.

The ministry also asked everyone to remain calm if they are being attacked and to consult with the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) or seek online consultation at

Adi Jaelani of ID-SIRTII said that WannaCry victims were those who used Windows 8 or any windows system operations before that and had not updated the patch.

“Whatever happens, don’t pay the ransom,” Adi said. There is no guarantee that the hacker will give the decrypts after the victim pays the money. On the contrary he might ask for more money, he added.

Sr. Comr. Fadil Irman, the head of the National Police’s cybercrime unit said that the police would collaborate with international law enforcement and Microsoft representatives to solve the cyber crime attack. (hol)