BreachExchange mailing list archives

Hospital Forced Back to Pre-Computer Era Shows the Power of Ransomware


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 18 Feb 2016 19:07:52 -0700

https://www.technologyreview.com/s/600817/hospital-forced-back-to-pre-computer-era-shows-the-power-of-ransomware/

Malicious software that uses encryption to hold data for ransom has become
wildly successful over the last few years. Ransomware, as it is known, now
looks to have scored its highest-profile victim yet.

Hollywood Presbyterian Medical Center in Los Angeles was infected by
ransomware more than a week ago. The software locked up files throughout
the hospital’s IT system and, according to unconfirmed reports, demanded
9,000 bitcoins, more than $3 million, for their return.

The hospital’s computer systems have been shut down ever since. Staff,
stuck using paper and fax machines, have struggled to care for patients
without access to e-mail or medical records. Some patients have been
transported to other hospitals.

Hospitals and other health organizations are sometimes targeted by
criminals who want to access medical records for identity theft. But the
CEO of Hollywood Presbyterian Medical Center told a local news station that
the attack was “random.” That suggests his facility has been hit by one of
the many strains of ransomware circulating online, spread through spam
e-mails and infected Web pages. It also suggests that the ransom demanded
was not really over $3 million, as ransomware typically demands far smaller
sums.

The ransomware business model has turned out to be a blockbuster. Security
company Bromium estimates that the incidence of attacks doubled in 2015.
One leading ransomware package, Cryptolocker 3.0, brought in an estimated
$325 million in 2015 alone, according to a group of companies working
together at the Cyber Threat Alliance.

Ransomware typically uses standard encryption protocols like those used to
legitimately lock up data, which are for practical purposes unbreakable.
The ransom demanded is usually around $500 and requested in bitcoins,
making it easier for the criminals to collect their money without detection.

The latest ransomware makes use of the Tor anonymity network to prevent its
operators from being traced. Some use a “freemium” business model: a victim
is allowed to decrypt some data for free to demonstrate that the rest can
be returned if he or she pays up.

Many victims do end up paying the ransom—44 percent by one estimate—because
once your data has been locked up, there’s not much else you can do. Having
good backups that are kept isolated from the main system is the only real
way to recover data after ransomware has struck. Some ransomware is able to
find and encrypt backups when it infects a system, however.

Hollywood Presbyterian Medical Center is not the first public service body
to be crippled by malware. A Mississippi school district had its systems
taken down by ransomware earlier this month. Many local police departments
in the U.S. have also been hit. Last year, police departments in
Massachusetts and Maine even ended up paying roughly $500 apiece to get
their data back.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/