This was a very serious situation; ambulances were diverted, electronic medical records disappeared, digital communications were unavailable, and there was zero access to X-ray or CT scan information. Radiology and oncology departments were also all but shut down. In other words, all the normal functions for a hospital to perform effectively were seriously disrupted.
For a hospital to be affected in this way is the quintessential nightmare. The ransomware was still spreading, and both the hospital and law enforcement were helpless to do anything about it. So, in the end, paying the ransom was really the only viable option.
Fortunately, the crooks in this case were at least true to their word (honest crooks?) and, although rewarding these ********s is definitely not normally advised, at least the hospital’s computer system is now in the process of being restored to normal functionality.
In what could arguably be described as a silver lining in a decidedly gloomy cloud, it turns out the earlier reports of a massive ransom demand were grossly exaggerated. According to hospital CEO Allen Stefanek, the ransom was much smaller than previously reported – amounting to 40 bitcoins, the equivalent of around $17,000:
The reports of the hospital paying 9000 Bitcoins or $3.4 million are false. The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.
Considering the critical nature of medical facilities, the fact that the hospital really had no other option than to pay up, and the large sum of money involved, this may well turn out to be a defining moment in Ransomware history.
This still makes me sick knowing someone would do this to a hospital. Even if it was a small ransom, they could have killed someone by tampering with hospital files and services. Hopefully this will open their eyes to the security issue and they will work hard to solve it. With any network/computer security we are always fighting to keep up with hackers. One step forward, then two steps back.
Agree: Unfortunately it could be some teenagers who have little sense of right and wrong at their age – or whose Mommy and Daddy didn’t teach them any morals. I talked to a girl working for Symantec a few years ago, whom I noticed in the lobby of a shop that installed a radio in my truck. She said you’d be surprised at how young some of these malware authors are. 🙁
To be honest, paying them was the smartest move by the hospital. Imagine the lives that could be lost if they had to wait for technicians to remove the ransomware, if that would even be possible! I realize there is no guarantee the culprits would be true to their word, but it’s a chance worth taking in my opinion. I realize this encourages other hackers to do the same, but people’s lives could be at stake if the hospital didn’t get their systems operating again. Does anyone feel the same? Or different?
I think most would agree with you Greg. The only concern – the ingredients and outcome in this scenario have almost certainly painted a great big target on hospitals and the like for this type of extortion.
I hope the courts and legal system rule on this issue, and throw the book at people who are caught doing this. In the case of teens who are computer geniuses with too much time on their hands, I don’t know what you do: they have to be told right and wrong, and made to realize the gravity of what they have done. Not sure what anyone can do about that because you can’t lock teens up for life. The problem is, they have to develop some moral understanding of what is Verboten and dangerous, life threatening. Perhaps this is an indictment of our society in general, dunno.
The thing that absolutely amazes me beyond utter belief is that somewhere there are methods/software that allow folk to completely, repeat, completely hide themselves away from authorities!!!
Are those secrets available to every Tom, Dick and Harry?
Can you or I do the same thing ?
A lot of folk use this and that to “hide” themselves away but hats off to these guys !
They have all you IT and Computer hacks/hackers with your knickers in a twist.
What really can be done about it? And how would “ordinary folk” gain access to these methods of hiding themselves away?
This should be the main question to be asking !!
In a word “botnets”. Plus several methods from within a botnet, such as FastFlux hosting, Domain Generation Algorithms (DGA), and custom DNS servers.
Bear in mind, these criminal outfits are well financed and professional. Essentially, if you want to be nigh on impossible to track, you need to be a criminal yourself.
The consensus is that the policing authority’s best means of tracking these cyber-criminals down is boots on the ground, undercover operations which infiltrate the criminal organizations. Unfortunately, this method is not much help after the fact.
I will not try to assess blame here, but some PC user within that hospital had enough administrative privilege to allow this to be installed on a PC on their network. Was this due to ignorance or through a lack of security concern on the part of the hospital’s network administrators? If it is the latter then I surely hope they at least know how to patch the security breach. If it is out of ignorance, then someone needs to learn how to properly use PCs on a network and to set protocols for that network.