Hospital Data Held for $3.6 Million Ransomware Payoff
Hospital president and CEO Allen Stefanek told the local NBC Channel 4 news station that the ransomware attack is impacting day-to-day operations at the Los Angeles, California-based hospital. Emergency room operations are taking a hit from the attack, he said, and the hospital has had to transport patients to other medical centers because they cannot access patient records.
As its name suggests, ransomware is malicious software that holds computing assets ransom. The software blocks users from accessing computer systems until money is paid. Ransomware is usually launched in small scale operations against individuals.
Is Patient Data Safe?
Stefanek told NBC the hospital started observing “significant IT issues and declared an internal emergency on Friday, February 12. Hollywood Presbyterian then notified the Los Angeles Police Department and the FBI to investigate and has hired computer forensics experts, NBC reports.
"At this time, we have no evidence that any patient or employee information was the subject of unauthorized access or extraction by the attacker,” Stefanek told NBC4. Of course, there’s no guarantee that employee information wasn’t stolen either. Stefanek did not offer more details about any possible threats the hackers may have made.
We caught up with Graham Clulely, a security researcher in the United Kingdom, to get his thoughts on the attack. He told us ransomware doesn't discriminate between home users and businesses.
"All it cares about is infecting as many computers as possible and extorting money from its victims," Cluley said. "Of course, if it does manage to hit an organization that has many computers and if that organization did not have systematic backups of its important data, then there is the chance that the rewards for the attackers can be even greater."
Ransomware Rising
According McAfee’s 2016 Threat Predictions report, ransomware will be a "major and rapidly growing" threat in 2016. The security solutions firm pointed to new malware variants emerging and the success of the "ransomware-as-a-service" business model as drivers for the increase. McAfee predicts the rise in ransomware attacks that started in the third quarter of 2014 and continued throughout 2015 will not slow down this year.
"In 2015 we saw ransomware-as-a-service hosted on the Tor network and using virtual currencies for payments," McAfee said in its report. "We expect to see more of this in 2016, as inexperienced cybercriminals will gain access to this service while staying relatively anonymous."
There are only a few ransomeware families dominating the scene currently, such as CryptoWall 3, CTB-Locker, and CryptoLocker. Nevertheless, McAfee predicts new variants will surface with new stealth functionalities.
"For example, new variants may start to silently encrypt data," the report said. "These encrypted files will be backed up and eventually the attacker will pull the key, resulting in encrypted files both on the system and in the backup. Other new variants might use kernel components to hook the file system and encrypt files on the fly, as the user accesses them."
Protecting Your Assets
The moral of the story: Look for security solutions that can help protect against ransomware that could shut down your operations or cost you millions of dollars to unlock your data.
"The way to prevent ransomware disrupting your business is to backup your essential data, and hold it securely. Don't wait until you get hit by ransomware before you decide it's time to build a backup regime," Cluley said. "In addition, it's obviously wise to have a layered defense, including up-to-date anti-virus defenses and patching against vulnerabilities."