Indianapolis News and Headlines


Muncie-based cancer services agency hacked for data won't pay ransom

Posted at 11:07 PM, Jan 17, 2017
and last updated 2017-01-18 02:48:43-05

MUNCIE, Ind. -- A Muncie-based cancer services agency said they will not pay a ransom to recover their data after a being compromised by ransomware. The agency will instead replace their servers with a more secure system to prevent future attacks. 

Cancer Services of East Central Indiana said their systems were hacked on January 11.

The hackers demanded a ransom of 50 bitcoins, which equals about $43,000, before they would let the agency regain access to their data.

The agency's Executive Director, Aimee Fant, said most of the agency’s data is in cloud storage and they plan to replace their servers with a more secure, cloud-based system.

Fant said the agency "will not pay a ransom when all funds raised must instead go to serving families, all stage cancer clients, late stage care/hospice support and preventative screenings." 

The agency said they hope to have their systems up and running by the end of the week. 

The agency released the following information regarding the cyber attack:

Ransom and Cyber-terrorism Attack on Cancer Services of East Central Indiana-Little Red Door

Cancer Services of East Central Indiana- Little Red Door's terminal server and backup drive were hacked and the all the agency's data was stripped, encrypted and taken for ransom by an international cyber terrorism organization on Wed. January 11, at approximately 10pm. Staff and the Board of Directors were made aware of the 50 Bitcoins ($43,000 US) ransom demand the following evening, Thursday Jan. 12.

Communicating first via text message to the personal cell phones of the Executive Director, President and Vice President, then through a "form letter" and several detailed emails, the self-identified dark web organization issued threats of extortion and also threatened to contact family members of living and deceased cancer clients, donors and community partners.

The staff and Board of Directors took immediate action to notify those affected by the security breech, relaying directives from the FBI, "not to open any suspicious email, link, to not engage with the cyber terrorists, not respond to ransom demands and report communication from them to the agency and/or law enforcement." The FBI agents assigned to the agency's case noted the unusual and pervasive nature of the attack, focusing on the contact made through personal cell phone numbers and noted the sudden surge in ransomware attacks.

On the heels of such cyber-terrorism attacks, (the most recent as close as Madison County, in which a ransom was paid to retain control of the government's server) Executive Director Aimee Fant is working with the FBI in an active investigation and reports that most of the agency's data is in cloud storage and "will not pay a ransom when all funds raised must instead go to serving families, all stage cancer clients, late stage care/hospice support and preventative screenings." Fant also reports the agency will replace and rebuilding its data; replacing file-based terminal server with a secure cloud-based system, the agency is still continuing to serving cancer clients and will be running at full capacity by the end of the week.

Fant also emphasizes that Little Red Door of Indianapolis (unaffiliated with and separate from Cancer Services of ECI-Little Red Door) is unaffected by the cyber attack.

Cancer Services has been consulting with IT firms and law enforcement to preserve the safety and security of those who receive cancer care services, donors and staff, extends its immense gratitude to all who have helped in its efforts to gain control of the ransom attack and sincerely apologizes for any inconvenience and distress experienced on account of this act of cyber terrorism.

Many ask how they can help. How can the community help?
One of the Cancer Services of ECI-Little Red Door's very own staff members, just days before the attack, learned she has an aggressive form of breast cancer. She is the cheerful, hopeful face who greets cancer clients every day. The agency is calling on the community of ECI to now support her through her cancer journey.

The agency will not raise money to pay the criminals' ransom, but is always in need of caring volunteers, Boost and Ensure for those experiencing chemotherapy as well as other resources to serve cancer clients, and improve their survivability.

Separately, the agency's January 21st gala "Community Hope Benefit Wonderland" (Horizon Convention Center) is being rescheduled for September 23rd and will feature Good Morning America Anchor Amy Robach, who learned of her own cancer diagnosis while receiving a routine mammogram on live television.

To report any suspicious ransomware activity, please alert the FBI at (317) 595-4000 or with questions about the local cancer care agency breach, please contact Aimee Fant or 765-284-9063

RELATED| Call 6: Hackers use ransomware to hold Madison County Government computer systems hostage | FBI warns about ransomware threat