Hollywood hospital pays ransomware attackers $17,000 to release its systems

midian182

midian182

Posts: 9,714   +121
Staff member

As anyone who has experienced it will tell you, ransomware can be a nightmare. Once it infects a network, it can encrypt all the files and will demand payment (nearly always Bitcoin) before it hands over an unlock key. These attacks often come with a warning that unless the ransom is paid within a set time, the key will be destroyed and the user will never be able to access their data.

While finding you’ve been infected with ransomware is bad, it can be especially problematic for organizations such as hospitals. Such was the case for the Hollywood Presbyterian Medical Center, which had its network locked up by a ransomware attack on February 5, and has only recently regained control of its systems after paying $17,000 to the attackers.

After the ransomware was discovered, staff at the hospital were forced to use land lines, fax machines, and keep paper records for the ten days that the network was locked down. Some patients had to be sent to other hospitals for procedures such as CT scans.

Reports claimed that the attackers had originally demanded 9000 bitcoins, or about $3.5 million, to release the system. But it appears that this was negotiated down to 40 bitcoins, equal to around $17,000.

Speaking about the hospital’s decision to pay the ransom, CEO Allen Stefanek said in a statement: “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

CSO reports that it’s highly unlikely the hospital was specifically targeted, and that the ransomware was likely down to an employee clicking on a malicious link or downloading an unexpected attachment on a hospital computer.

The hospital has stressed that there is no evidence to suggest any patient records were compromised. It will continue to work with security consultants, local authorities, and the FBI, who are investigating the matter.

Permalink to story.

https://www.techspot.com/news/63850-hollywood-hospital-pays-ransomware-attackers-17000-release-systems.html

 
How can you work with computers in a hospital and not be trained to tell what malicious links and stuff would look like? thats kinda part of the job description. Theyre lucky this wasnt alot worse.
 
ikesmasher said:
How can you work with computers in a hospital and not be trained to tell what malicious links and stuff would look like? thats kinda part of the job description. Theyre lucky this wasnt alot worse.
Click to expand...
unfortunately people don't know. I think the bigger issue here is the hospitals lack of a comprehensive backup/ restore solution. An offsite backup could have fixed this in hours instead of days and $17k.
 
  • Like
Reactions: Timonius, DaveBG, cliffordcooley and 2 others
Bit coins are still very popular around the world. Hopefully this will serve as a lesson for hospitals to take their primary systems off line of the internet and/or build much better security services. Sadly, so many hospitals have cut their costs by eliminating or lowering their security standards, they are so vulnerable they might as well set their master passwords to 123456789, if they haven't already done so!
 
User clicked on a bad link or attachment, once the software scanned & encrypted everything, that was it.
 
ikesmasher said:
How can you work with computers in a hospital and not be trained to tell what malicious links and stuff would look like? thats kinda part of the job description. Theyre lucky this wasnt alot worse.
Click to expand...

That is never the case.

You know how many places I've worked where employees work on computers everyday from the janitor to managers and directors and half of them couldn't use a computer to save their own lives.

Majority of them just have the helpdesk on speed dial.

The logical thing of course is to provide proper training but these people with big titles don't think they have to learn they get paid too much money for that.
 
  • Like
Reactions: oldikes
"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
Click to expand...
Although, I'm surprised they put as high a hope (sounds like) that paying the crooks would actually get them their equipment back. Seems like a decent amount of ransomware, after paid, isn't unlocked.

ikesmasher said:
How can you work with computers in a hospital and not be trained to tell what malicious links and stuff would look like? thats kinda part of the job description. Theyre lucky this wasnt alot worse.
Click to expand...
Because it cost money, and we all know much money is more important than anything else. /s

It's poor management put simply. This is still a big problem everywhere, and won't change even after these companies/organizations are hit with such attacks.

At my University (I'm a student), someone in admissions, twice, got infected with a Trojan, and leaked some SS#'s. Again, twice. Stuff never changes, no matter where you are.
 
This is really unfortunate, hopefully the FBI can actually do something useful and find the people responsible, Bitcoins are traceable, at least from my understanding every time they change hands it's recorded for each individual Bitcoin, meaning from when those Bitcoins leave the hospitals hands they can be traced to whoever has acquired them. This is off of Bitcoin.org "All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network." This is probably the single feature I find good about the "currency" which should make catching those responsible very easy, at least in theory. Once caught these individuals should be infected with some kind of disease and then forced to pay an exuberant amount of money for the cure... If only, hahaha, I know I'm not right in the head for thinking this, but something needs to show the *** holes doing this that it's not a good idea, good ol' capitol punishment style.
 
  • Like
Reactions: Lionvibez
ikesmasher said:
How can you work with computers in a hospital and not be trained to tell what malicious links and stuff would look like? thats kinda part of the job description. Theyre lucky this wasnt alot worse.
Click to expand...
"How can you work with computers in a hospital and not be trained to tell what malicious links and stuff would look like?"
Users are users, they're not in the slightest technically minded like us. My wife for example, who is a specialist pediatrician, wouldn't know a malicious link or site if it bit her on the butt. Her first Gmail account was compromised because of her clicking all over the show but luckily no damage was done.
Anyway that slip up at Hollywood hospital was probably not the fault of the general staff, it was most likely the fault of the computer admins. Staff are limited to where on the internet they can go using hospital machines, they're usually connected to an intranet.
 
Disgusting data kidnappers. If they're ever caught and convicted their sentence should be no less that being burned alive at the stake.
 
Adhmuz said:
This is really unfortunate, hopefully the FBI can actually do something useful and find the people responsible, Bitcoins are traceable, at least from my understanding every time they change hands it's recorded for each individual Bitcoin, meaning from when those Bitcoins leave the hospitals hands they can be traced to whoever has acquired them. This is off of Bitcoin.org "All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network." This is probably the single feature I find good about the "currency" which should make catching those responsible very easy, at least in theory. Once caught these individuals should be infected with some kind of disease and then forced to pay an exuberant amount of money for the cure... If only, hahaha, I know I'm not right in the head for thinking this, but something needs to show the *** holes doing this that it's not a good idea, good ol' capitol punishment style.
Click to expand...

"Traceable" isn't the same as being able to actually find them though... Most hackers are smart enough to use a proxy server, TOR, VPN, etc... The transaction will be traced to like "some public server in Latvia" which really won't do the FBI any good....
 
I work in IT and have dealt with this issue before, but were able to restore everything from a backup. Luckily, we make sure that our clients keep up to date with their full backups. I can't believe that a hospital didn't have anything they could restore the files from.
 
  • Like
Reactions: psycros
captaincranky said:
hahahanoobs said:
How is bitcoin still a thing?
Click to expand...
Phew, I'm still trying how to wrap my head around how it got to be a a "thing" in the first place....:confused:
Click to expand...

It started off being a fun fad for computer enthusiasts. You'd contribute your computer resources to what is called the "blockchain" (What processes bitcoin transactions) and in return you'd receive some bitcoin yourself. I myself only mined half a bitcoin but I'd say it was worth it given I received $120 for that amount. I really only left my computer on for a few days to get that amount. Not bad for just messing around, just wish I could go back in time and do a heck lot more of that. Could have paid my college loans off.

In addition, it's also the best way to pay anonymously. It cannot be tracked by any government and the transaction doesn't float by any body that's regulated by the government.
 
How about turning the tables, and offer that same amount as a reward for anyone that can bring it back. Motivate the people who are smart enough to fight this. You may actually entice someone to come forward with details, at the very least build a suspect/watch list.
 
So the hospital pays criminals...and who says that criminals would even give the key after receiving payment. The incompetence of the hospital there is no surprise. Sounds like they are just ignorant, or view all things IT as a liability, rather than an investment! This would never have happened if they had the proper security and disaster plans in place. Not only should they have an secure, cloud/hybrid back up solution in place, all their system should be properly managed as well. What are employees doing clicking on links, or opening attachments without proper policies in place?? But what hell, maybe I am way off base..oh wait I do IT consulting for a living....
 
Adhmuz said:
This is really unfortunate, hopefully the FBI can actually do something useful and find the people responsible, Bitcoins are traceable, at least from my understanding every time they change hands it's recorded for each individual Bitcoin, meaning from when those Bitcoins leave the hospitals hands they can be traced to whoever has acquired them. This is off of Bitcoin.org "All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network." This is probably the single feature I find good about the "currency" which should make catching those responsible very easy, at least in theory. Once caught these individuals should be infected with some kind of disease and then forced to pay an exuberant amount of money for the cure... If only, hahaha, I know I'm not right in the head for thinking this, but something needs to show the *** holes doing this that it's not a good idea, good ol' capitol punishment style.
Click to expand...
The fact that Bitcoins are traceable means absolutely nothing. Everything on the internet is traceable, but that doesn't mean you can actually find every crook or hacker out there. If these hackers knew what they were doing (and it sounds like they did) all they have to do is bounce the Bitcoin transaction around to a few countries where the US has little or no jurisdiction, until it ends up at a Starbucks wifi outside of Moscow where the hackers can sit outside in their car and download it onto their laptop. That's just one example out of a possible hundred ways to get away with it.
 
lripplinger said:
So the hospital pays criminals...and who says that criminals would even give the key after receiving payment. The incompetence of the hospital there is no surprise. Sounds like they are just ignorant, or view all things IT as a liability, rather than an investment! This would never have happened if they had the proper security and disaster plans in place. Not only should they have an secure, cloud/hybrid back up solution in place, all their system should be properly managed as well. What are employees doing clicking on links, or opening attachments without proper policies in place?? But what hell, maybe I am way off base..oh wait I do IT consulting for a living....
Click to expand...
From the sounds of it they did get the decryption key, which is actually a real surprise. Usually you don't get the decryption key even if you pay them. They simply demand more money until you refuse to keep paying, at which point they disappear forever along with the decryption key. Holding onto your leverage and demanding more and more money is kind of the whole idea behind extortion.
 
umbala said:
From the sounds of it they did get the decryption key, which is actually a real surprise. Usually you don't get the decryption key even if you pay them. They simply demand more money until you refuse to keep paying, at which point they disappear forever along with the decryption key. Holding onto your leverage and demanding more and more money is kind of the whole idea behind extortion.
Click to expand...
What is also strange is that they knew they had infected the hospital, and that they don't have disaster recovery policies in place. They also knew to up the ransom to crazy amounts, Usually the payment is £500 from my experience. Sounds like a bit of an inside job maybe or a disgruntled ex employee.
 
cartera said:
What is also strange is that they knew they had infected the hospital, and that they don't have disaster recovery policies in place. They also knew to up the ransom to crazy amounts, Usually the payment is £500 from my experience. Sounds like a bit of an inside job maybe or a disgruntled ex employee.
Click to expand...
I know that somewhere around $500.00 is the asking price off an individual. This with the fake, "F.B.I. has you on child porn charges" ransom-ware, and also for other scams targeting an individual at home. But that doesn't seem a likely amount to defraud from a large corporation. Seems like the ante would be a lot higher. No?
 
captaincranky said:
I know that somewhere around $500.00 is the asking price off an individual. This with the fake, "F.B.I. has you on child porn charges" ransom-ware, and also for other scams targeting an individual at home. But that doesn't seem a likely amount to defraud from a large corporation. Seems like the ante would be a lot higher.
Click to expand...
I agree but ransomware isn't usually sophisticated enough to know who it has targeted.
 
cartera said:
I agree but ransomware isn't usually sophisticated enough to know who it has targeted.
Click to expand...
Thinking about it, they will know the email address of whichever employee fell for the scam. It doesn't take a rocket scientist to spot a domain name and up the stakes.
 
You must log in or register to reply here.

Similar threads

A
Ransomware operations made more than $1 billion in 2023
Replies
1
Views
133
brucek
brucek
midian182
LockBit ransomware group bounces back a week after law enforcement had disrupted hacking...
Replies
0
Views
114
midian182
midian182
midian182
LockBit ransomware group member sentenced to four years for infecting over 1,000 systems
Replies
5
Views
136
Uncle Al
Uncle Al

Latest posts

Back