Hollywood hospital pays ransomware attackers $17,000 to release its systems

By midian182
Feb 18, 2016
Post New Reply
  1. As anyone who has experienced it will tell you, ransomware can be a nightmare. Once it infects a network, it can encrypt all the files and will demand payment (nearly always Bitcoin) before it hands over an unlock key. These attacks often come with a warning that unless the ransom is paid within a set time, the key will be destroyed and the user will never be able to access their data.

    While finding you’ve been infected with ransomware is bad, it can be especially problematic for organizations such as hospitals. Such was the case for the Hollywood Presbyterian Medical Center, which had its network locked up by a ransomware attack on February 5, and has only recently regained control of its systems after paying $17,000 to the attackers.

    After the ransomware was discovered, staff at the hospital were forced to use land lines, fax machines, and keep paper records for the ten days that the network was locked down. Some patients had to be sent to other hospitals for procedures such as CT scans.

    Reports claimed that the attackers had originally demanded 9000 bitcoins, or about $3.5 million, to release the system. But it appears that this was negotiated down to 40 bitcoins, equal to around $17,000.

    Speaking about the hospital’s decision to pay the ransom, CEO Allen Stefanek said in a statement: “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

    CSO reports that it’s highly unlikely the hospital was specifically targeted, and that the ransomware was likely down to an employee clicking on a malicious link or downloading an unexpected attachment on a hospital computer.

    The hospital has stressed that there is no evidence to suggest any patient records were compromised. It will continue to work with security consultants, local authorities, and the FBI, who are investigating the matter.

    Permalink to story.

  2. hahahanoobs

    hahahanoobs TS Evangelist Posts: 1,604   +411

    How is bitcoin still a thing?
    Adhmuz likes this.
  3. ikesmasher

    ikesmasher TS Evangelist Posts: 2,531   +836

    How can you work with computers in a hospital and not be trained to tell what malicious links and stuff would look like? thats kinda part of the job description. Theyre lucky this wasnt alot worse.
  4. cartera

    cartera TS Addict Posts: 276   +71

    unfortunately people don't know. I think the bigger issue here is the hospitals lack of a comprehensive backup/ restore solution. An offsite backup could have fixed this in hours instead of days and $17k.
  5. Uncle Al

    Uncle Al TS Evangelist Posts: 1,532   +688

    Bit coins are still very popular around the world. Hopefully this will serve as a lesson for hospitals to take their primary systems off line of the internet and/or build much better security services. Sadly, so many hospitals have cut their costs by eliminating or lowering their security standards, they are so vulnerable they might as well set their master passwords to 123456789, if they haven't already done so!
  6. amstech

    amstech TechSpot Enthusiast Posts: 1,441   +594

    User clicked on a bad link or attachment, once the software scanned & encrypted everything, that was it.
  7. Lionvibez

    Lionvibez TS Evangelist Posts: 1,084   +331

    That is never the case.

    You know how many places I've worked where employees work on computers everyday from the janitor to managers and directors and half of them couldn't use a computer to save their own lives.

    Majority of them just have the helpdesk on speed dial.

    The logical thing of course is to provide proper training but these people with big titles don't think they have to learn they get paid too much money for that.
    ikesmasher likes this.
  8. robb213

    robb213 TS Addict Posts: 311   +93

    Although, I'm surprised they put as high a hope (sounds like) that paying the crooks would actually get them their equipment back. Seems like a decent amount of ransomware, after paid, isn't unlocked.

    Because it cost money, and we all know much money is more important than anything else. /s

    It's poor management put simply. This is still a big problem everywhere, and won't change even after these companies/organizations are hit with such attacks.

    At my University (I'm a student), someone in admissions, twice, got infected with a Trojan, and leaked some SS#'s. Again, twice. Stuff never changes, no matter where you are.
  9. Adhmuz

    Adhmuz TechSpot Paladin Posts: 1,620   +503

    This is really unfortunate, hopefully the FBI can actually do something useful and find the people responsible, Bitcoins are traceable, at least from my understanding every time they change hands it's recorded for each individual Bitcoin, meaning from when those Bitcoins leave the hospitals hands they can be traced to whoever has acquired them. This is off of "All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network." This is probably the single feature I find good about the "currency" which should make catching those responsible very easy, at least in theory. Once caught these individuals should be infected with some kind of disease and then forced to pay an exuberant amount of money for the cure... If only, hahaha, I know I'm not right in the head for thinking this, but something needs to show the *** holes doing this that it's not a good idea, good ol' capitol punishment style.
    Lionvibez likes this.
  10. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,352   +1,945

    "How can you work with computers in a hospital and not be trained to tell what malicious links and stuff would look like?"
    Users are users, they're not in the slightest technically minded like us. My wife for example, who is a specialist pediatrician, wouldn't know a malicious link or site if it bit her on the butt. Her first Gmail account was compromised because of her clicking all over the show but luckily no damage was done.
    Anyway that slip up at Hollywood hospital was probably not the fault of the general staff, it was most likely the fault of the computer admins. Staff are limited to where on the internet they can go using hospital machines, they're usually connected to an intranet.
  11. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,352   +1,945

    Disgusting data kidnappers. If they're ever caught and convicted their sentence should be no less that being burned alive at the stake.
  12. Squid Surprise

    Squid Surprise TS Guru Posts: 830   +250

    "Traceable" isn't the same as being able to actually find them though... Most hackers are smart enough to use a proxy server, TOR, VPN, etc... The transaction will be traced to like "some public server in Latvia" which really won't do the FBI any good....
  13. captaincranky

    captaincranky TechSpot Addict Posts: 11,467   +1,760

    Phew, I'm still trying how to wrap my head around how it got to be a a "thing" in the first place....:confused:
    DaveBG and hahahanoobs like this.
  14. DJMIKE25

    DJMIKE25 TS Booster Posts: 151   +47

    I work in IT and have dealt with this issue before, but were able to restore everything from a backup. Luckily, we make sure that our clients keep up to date with their full backups. I can't believe that a hospital didn't have anything they could restore the files from.
    psycros likes this.
  15. Squid Surprise

    Squid Surprise TS Guru Posts: 830   +250

    Don't worry, you can't use it on Win XP....
  16. Evernessince

    Evernessince TS Evangelist Posts: 1,105   +533

    It started off being a fun fad for computer enthusiasts. You'd contribute your computer resources to what is called the "blockchain" (What processes bitcoin transactions) and in return you'd receive some bitcoin yourself. I myself only mined half a bitcoin but I'd say it was worth it given I received $120 for that amount. I really only left my computer on for a few days to get that amount. Not bad for just messing around, just wish I could go back in time and do a heck lot more of that. Could have paid my college loans off.

    In addition, it's also the best way to pay anonymously. It cannot be tracked by any government and the transaction doesn't float by any body that's regulated by the government.
  17. captaincranky

    captaincranky TechSpot Addict Posts: 11,467   +1,760

    Not even with SP2? :p
    Last edited: Feb 18, 2016
    dms96960 likes this.
  18. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,430   +2,822

    How about turning the tables, and offer that same amount as a reward for anyone that can bring it back. Motivate the people who are smart enough to fight this. You may actually entice someone to come forward with details, at the very least build a suspect/watch list.
  19. lripplinger

    lripplinger TS Addict Posts: 253   +86

    So the hospital pays criminals...and who says that criminals would even give the key after receiving payment. The incompetence of the hospital there is no surprise. Sounds like they are just ignorant, or view all things IT as a liability, rather than an investment! This would never have happened if they had the proper security and disaster plans in place. Not only should they have an secure, cloud/hybrid back up solution in place, all their system should be properly managed as well. What are employees doing clicking on links, or opening attachments without proper policies in place?? But what hell, maybe I am way off base..oh wait I do IT consulting for a living....
  20. umbala

    umbala TS Addict Posts: 163   +135

    The fact that Bitcoins are traceable means absolutely nothing. Everything on the internet is traceable, but that doesn't mean you can actually find every crook or hacker out there. If these hackers knew what they were doing (and it sounds like they did) all they have to do is bounce the Bitcoin transaction around to a few countries where the US has little or no jurisdiction, until it ends up at a Starbucks wifi outside of Moscow where the hackers can sit outside in their car and download it onto their laptop. That's just one example out of a possible hundred ways to get away with it.
  21. umbala

    umbala TS Addict Posts: 163   +135

    From the sounds of it they did get the decryption key, which is actually a real surprise. Usually you don't get the decryption key even if you pay them. They simply demand more money until you refuse to keep paying, at which point they disappear forever along with the decryption key. Holding onto your leverage and demanding more and more money is kind of the whole idea behind extortion.
  22. cartera

    cartera TS Addict Posts: 276   +71

    What is also strange is that they knew they had infected the hospital, and that they don't have disaster recovery policies in place. They also knew to up the ransom to crazy amounts, Usually the payment is £500 from my experience. Sounds like a bit of an inside job maybe or a disgruntled ex employee.
  23. captaincranky

    captaincranky TechSpot Addict Posts: 11,467   +1,760

    I know that somewhere around $500.00 is the asking price off an individual. This with the fake, "F.B.I. has you on child porn charges" ransom-ware, and also for other scams targeting an individual at home. But that doesn't seem a likely amount to defraud from a large corporation. Seems like the ante would be a lot higher. No?
  24. cartera

    cartera TS Addict Posts: 276   +71

    I agree but ransomware isn't usually sophisticated enough to know who it has targeted.
  25. cartera

    cartera TS Addict Posts: 276   +71

    Thinking about it, they will know the email address of whichever employee fell for the scam. It doesn't take a rocket scientist to spot a domain name and up the stakes.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...