Ransomware is a particularly malicious form of malware that gains access to a user’s system and then prevents them from accessing their own data. In some cases, the files on the system are encrypted so as to be irretrievable without the key, and in others access to the device is simply denied to its owner. In both situations the hacker will demand that a ransom be paid to decrypt the files or give access back to the user.
The ransom demand itself can come in different forms as well. In some cases a simple demand for money is given, with links to online payment methods for easy transaction. In these cases the trap is set and the victim realises their predicament. In other instances ransomware has been found to display the FBI logo, and the hacker will often claim that your machine has been locked because you have done something illegal. This prevents many from reporting the incident to the authorities, or to a company that could unlock the system, and in many cases the money has been paid without access being returned.
One of the highest-profile cases of ransomware seen recently has been at a Hollywood hospital in Los Angeles, which, both the LAPD and the FBI claim, could cost the hospital millions. The attack shut down the hospital’s computing system in early February, leading to what they described as an ‘internal emergency’. Patients were diverted to other hospitals and doctors were unable to document patient care, transmit lab work and x-rays, or even access stored medical records.
The hackers in the attack demanded that the hospital pay them 9,000 bitcoin, which equates to roughly $3.6 million. The payment of this astronomical fee would be in exchange for the encryption keys needed to restore the system. After spending a week offline, and with the LAPD and FBI investigating, it was reported that the hospital in question gave in and instead paid the hackers 40 bitcoins, around £12,000, to regain control. This negotiation is interesting, as it means that the hackers were aware that they had attacked a hospital and lowered their original demands.
It isn’t known whether any patient data was compromised, or just encrypted, but it is thought that the attack was random. Whatever the case, it is clear that compromising communication within a hospital risks patient safety, as care is diminished as a result. It is therefore understandable that the hospital paid the ransom, but it still isn’t something that we, or other cyber security experts, would condone.
The response from Digital Pathways would be to encourage a company never to pay, and to inform the police if a ransomware attack does occur. Even more important is to plan before it happens. This planning includes creating a honeypot: a server or network that is used solely for attracting and then trapping would-be hackers, keeping them well away from your important systems. We would also encourage you to keep servers patched to the latest level, have good log management and respond quickly to incidents. Prevention is far more effective than damage limitation.
If you have been hit by a ransomware attack, or are fearful of the possibility, then speak to us today to find out how easy it can be to prevent an attack.