Tag Archives: Ransomware

When Ransomware Strikes Should You Pay or Not?

2015 was a big year for ransomware exploits and it looks like they aren’t slowing down in 2016. Kaspersky reported that CryptoLocker attacks doubled in 2015, and that a majority of workplace PCs were attacked. The perpetrators of CryptoLocker attacks send Trojans, usually via email, that, when set free, infect a user’s PC and encrypt any files they can access. The attacker then demands money, often in the form of bitcoins, to decrypt the locked files. Attackers threaten all sorts of havoc if their demands aren’t met. As the article in NetworkWorld points out, even if their demands are met, you can’t count on your attackers honoring their part of the bargain.

I recently wrote a blog that covered a new ransomware attack on Hollywood Presbyterian Medical Center. The attackers are asking for 9,000 bitcoins in order to return thousands of patient records intact, which translates into approximately $3.6 million. That’s a steep price tag for any organization, and although typically law enforcement agencies advise victims not to pay, some police departments have started succumbing to the ransom demands. The more dangerous and alarming part is that, according to the FBI, who are working on this case, some attackers aren’t skilled enough to handle the malware they’ve delivered and if that’s the case, the hospital’s data will be lost forever. As the article points out, some criminal coders can mount an attack, but they don’t know how to handle encryption and decryption. Researchers have reported a ransomware strain that unintentionally locked files that can now never be decrypted.

The hospital has not decided whether they will pay the ransom yet, but they are forced to handle all their records manually for the time being. According to cybersecurity experts, ransomware has proven to be a lucrative business with Kaspersky reporting that a hacker group they researched is getting $2.5 million to $10 million for each successful attack.

In the meantime, organizations in every sector, particularly highly regulated industries like healthcare and finance, need to increase their security postures as much as possible. Here are some quick tips that could keep you from becoming a victim:

  • Make sure your employees are security aware and not prone to opening unfamiliar emails and attachments. If an email looks suspicious or an offer seems too good to be true, use caution. Also, since cyber criminals are now adept at researching employees via social media, employees should approach any unknown senders with caution.
  • Get the technology you need. There are a variety of ways evasive malware can be introduced, including piggybacking on traffic on high hidden ports. If your security can’t monitor those ports, you’re asking for trouble.
  • Be sure you update your software and applications as well as your operating system. Criminal hackers often leverage known vulnerabilities in an application or OS that hasn’t been updated.


Hackers Are Holding an LA Hospital’s Computers Hostage


Ransomware attacks, in which hackers lock your computer or keyboard until you pay a ransom, are on the rise. The latest notable ransomware victim is Hollywood Presbyterian Medical Center in Los Angeles, whose computers have been offline for over a week. The computers will come back online, the hackers reportedly say, in exchange for $3.4 million, paid in bitcoin.

The Hack

The incident, first reported by a local NBC affiliate, affects the Los Angeles hospital’s computer systems, including those needed for lab work, pharmaceutical orders, and even the emergency room.

While the hospital’s spokesperson was unavailable to comment, HPMC president and CEO Allen Stefanek told KNBC that it was “clearly not a malicious attack; it was just a random attack.” It’s not clear what he means, though; a hospital in a wealthy neighborhood seems unlikely to be a random target, especially for such a large sum.

As WIRED explained last fall, while ransomware has been around for over a decade, hackers have been embracing increasingly sophisticated methods. In the past, ransomware could only lock down a target’s keyboard and computer; now, hackers can encrypt an infected system’s files with a private key known only to the attacker. That may be what has happened here, according to anonymous hospital sources who told NBC4 that the hackers offered a “key” in exchange for the ransom money. The hospital has yet to officially detail the attack.

Who’s Affected

Stefanek told NBC4 that patient care hasn’t suffered, although some 911 patients have been sent to other nearby hospitals. Meanwhile, it appears to mostly add up to a headache for those in the HPMC system because hospital staff have had to write all documentation out by hand for the last week. Some patients, meanwhile, need to drive to more remote hospitals for medical tests that HPMC cannot offer without a functioning network.

The fallout appears limited to this one hospital, though, and even within its walls the impact seems annoying, but not crippling. HPMC says it’s working with the FBI, LAPD, and computer forensics experts to recover its systems.

How Bad Is It?

Given the degree of things that could potentially go wrong at the intersection of hospitals and hackers, this isn’t so terrible. But in terms of the scale of the ransomware, it’s about as bad as it gets. Symantec recently pegged the total amount of ransomware paid out in any given year at $5 million. This single incident asks for well over half that amount.

The bigger impact may not be clear until after the incident is resolved. If the hospital ends up paying out, it could inspire copycat attacks. If not, and the hackers are identified, it could act as a deterrent. Either way, for now it shows that no target is off limits for ransomware, nor is any sum.