Recently, a hospital in LA was hacked, with the attackers locking up work systems and likely getting away with private information regarding patients. Now in an effort to try and protect their privacy, the hospital has given in to a $17,000 Bitcoin demand in hopes that the attackers won't do anything with the information or hold on to it as leverage for future demands.
Hospital workers had also been locked out of their computer system since the 5th of February, which will have had a big knock-on effect on workflow. The hospital admitted to paying the ransom in an open letter, which said: “On the evening of 5 February our staff noticed issues accessing the hospital's computer network. Our IT department began an immediate investigation and determined we had been subject to a malware attack”.
“The malware locked access to certain computer systems and prevented us from sharing communications electronically. Law enforcement was immediately notified. Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online. The reports of the hospital paying 9,000 bitcoins, or $3.4m are false. The amount of ransom requested was 40 bitcoins, equivalent to approximately $17,000. The malware locks systems by encrypting files and demanding a ransom to obtain the decryption key.”
This was apparently the quickest and most efficient way to get the computer systems back online and have the hospital functioning as normal, but it seems that some security researchers don't agree. AppRiver told The Inquirer that “Feeding the fire by paying these guys should be avoided if at all possible. If you've been the victim of a ransomware attack, and you're contemplating paying the ransom, keep in mind that the only reason these thieves keep making these attacks is because people pay them. If all of the victims stopped paying ransoms, they wouldn't have a successful business model”.
KitGuru Says: Do you guys think the hospital should have paid the ransom to get things back up and running faster?
Well, if there were really pressing matters going on in the hospital which required a fully working network, and lives of patients would get in danger, yes I would’ve paid up. After that I would’ve invested in better security. But patients shouldn’t be dying out of principles.
I’d be asking why the Hospital didn’t have backups of all the critical systems. If they did, they could have resolved their issue through restoring the affected machine from their backups (from a date before the attack started), so then they only would have had to deal with the affected files from the last day or so.
The attack malware sounds a lot like Cryptolocker, or another variation thereof…
Who’s to say they will get anything back and they don’t just run off with the coins?
Nobody knows. But it’s better than to sit back and relax while patients are dying. Better safe than sorry, right? I’d have tried it.
They should never have got into this situation. They should have regular backups of the systems, especially with anything this important.
Should have would have could have 🙁