
US hospital pays £12,000 to ransomware attackers

A US hospital reveals that, after a week of being offline, it caved in to ransomware demands to restore access to its computer systems

A hospital in Los Angeles has revealed that it paid 40 bitcoins (£12,000) to ransomware attackers to regain control of its computer systems after more than a week of downtime.

Either the initial reports that the attackers had demanded 9,000 bitcoins (£2.6m) were incorrect, or the cyber criminals revised the ransom demand down to a more realistic figure.

The Hollywood Presbyterian Medical Center shut down its computer network after a malware infection on 5 February 2016 encrypted some of its data.

Malware that is used to encrypt data so that attackers can demand payment for unlocking it is commonly known as ransomware.

Hospital workers were forced to resort to pen, paper, phones and fax machines for many tasks normally carried out on computer, including accessing patient information and test results.

The hospital called in investigators from the FBI, Los Angeles police and a private cyber forensics firm, but after more than a week managers felt they could not wait any longer.

Paying the ransom was the “quickest and most efficient way” of regaining access to the affected systems, hospital chief executive Allen Stefanek said in a statement.

He said the hospital had fully restored access to its medical record system by 15 February 2016 and there was no evidence any patient or employee information had been accessed.

The origin of the ransomware attack reportedly remains unknown, but initial reports said that the attack was believed to be random rather than specifically aimed at the hospital.

An FBI spokeswoman said the FBI and the Los Angeles Police Department are working together to identify the attackers behind the ransomware.

Payment encourages ransomware use, say experts

Cyber extortion is a growing threat to companies worldwide, but the extent of the practice is largely hidden because many firms just pay up and keep quiet, say security experts.

News of the ransomware attack on the US hospital broke just two weeks after Lincolnshire County Council in the UK was hit by a similar attack.

Security industry commentators praised the Lincolnshire County Council for refusing to pay the £345 ransom demanded, as payment only encourages cyber criminals using this method of cyber extortion and there is no guarantee the encrypted data will be unlocked.

“In the event of your system being infected with ransomware, do not give up hope or pay any ransom. There are various products available that can assist in recovering your files,” said Mike Gillespie, director of cyber research and security at The Security Institute.

“It is imperative that organisations take the threat from ransomware seriously. Once infected, the inability to access files or systems may impact on other services offered by the organisation,” he said.

“The ability to recover quickly from any ransomware infection will be greatly enhanced by having effective business continuity mechanisms available and free from infection.”

Ransomware on the rise

Ransomware is one of the top international cyber threats, along with distributed denial of service (DDoS) attacks and bullet-proof hosting services, according to the UK National Crime Agency.

In 2013, the NCA’s National Cyber Crime Unit (NCCU) warned of a mass email-borne Cryptolocker ransomware campaign aimed at small and medium-sized enterprises (SMEs) and consumers.

Since then, ransomware has become increasingly popular with cyber criminals, with its use increasing by 58% in the second quarter of 2015, according to a threat report by Intel Security.

Research has shown that relatively low-cost ransomware attacks typically net thousands of pounds a week for attackers.
