Hospital pays $17,000 ransom to get access back to its encrypted files: What lessons can we learn?
Cyber criminals recently put the Hollywood Presbyterian Medical Center in an extremely difficult position. According to an article from CSO Online, the criminals hit the L.A. hospital with malware that encrypted its files, blocking authorized access to the data.
For over a week, hospital staff could no longer use their system. To transmit patient information, they had to fall back on using telephones and fax machines. Engadget reports that the attack interfered with treatments and diagnostic work; the hospital had to transfer patients to other facilities. The attack not only threatened the hospital's finances; it also endangered patients.
Finally, the hospital paid a $17,000 ransom to get access back to its encrypted files. Working with law enforcement and IT experts didn't help quickly enough in the aftermath of the attack; the encryption was apparently quite powerful, and the hospital couldn't recover the inaccessible files on its own. The hospital's administrators felt that they couldn't wait longer to restore functionality to their system.
The rise of ransomware
Ransomware is any kind of malware that reduces or blocks access to a system and the data in it. Hackers hope that an organization or individual will pay money to regain access. Ransomware may involve encrypted files, as in the Hollywood Presbyterian Medical Center attack, where the hospital paid for the decryption key. Other times, hackers may lock the system completely until they're paid.
Ransomware is a potent threat, one of the most powerful tools in a hacker's arsenal. And the threat is on the rise. A recent article from CBS News mentions that in 2013, the number of ransomware attacks rose from 100,000 in January to 600,000 in December. These kinds of attacks have also increased in scale, shutting down operations in major companies and other organizations.
Also keep in mind that, in addition to using ransomware, there are other ways that hackers can demand a ransom for your sensitive data. For example, if they obtain your sensitive information, such as a confidential business document, they may ask you to pay them not to release it or sell it to another party.
What lessons can we learn?
One of the lessons from the attack is that no one is safe from ransomware. The malware can get onto your system through something as simple as an infected website or an email attachment.
As much as possible, you need to protect your organization's computing devices with anti-malware programs that are regularly updated. It's also important to train employees in cyber security best practices; they should always think carefully before downloading something to their device or clicking on a link to a new site.
Another lesson involves the importance of regularly backing up data. If you've backed up your data offline or otherwise separate from your system, you may not need to pay the hackers a ransom; you can restore the data on your own or with the assistance of IT professionals, after ridding your system of the malware. Occasionally, it's possible to break the encryption that the malware sets in place, but usually it's too difficult. An organization can't keep operating for too long without accessing its files.
The third lesson doesn't come with easy answers; it boils down to the question of whether or not to pay the hackers. Again, lack of payment means losing the data, which is often an unsustainable outcome for a business, agency or individual. But paying off the hackers encourages additional attacks, sometimes against the same organization. It's a genuinely tough call to make, and it's frightening how much power hackers attain when they render your data inaccessible.
Your best course of action is prevention, vigilance and strong data recovery measures, including secure backups. To discuss these important issues, please contact us. We can help you better protect yourself against this insidious type of cyber attack.