An LA-based hospital paid $17,000 in Bitcoins to recover ransomware-encrypted data, according to news reports.
The Hollywood Presbyterian Medical Center paid the value of 40 Bitcoins to a hacker who seized control of the hospital’s computer systems and locked users out for more than a week. Patient care was not compromised, but it is unknown if patient or employee information was stolen, the hospital announced.
After contacting law enforcement and computer experts, the hospital management decided to pay the ransom to retrieve access.
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” Allen Stefanek, President & CEO, said in a note.
This cyber-attack reminds us of three things:
- Large organizations are not exempt from ransomware attack — au contraire.
- Little can be done once infected. The attacks have an impressive success rate.
- Paying the attackers encourages cyber-crime.
In the United States alone, more than 50 percent of ransomware victims have given in to extortionists’ demands, a Bitdefender study reveals. US Internet users would spend as much as $350 to recover their personal photos and files.
But when it comes to organizations, their data and their clients’ data, amounts reach lots of zeros.
That’s why it is extremely important to strengthen security in the first place. Namely:
- Educate employees on good computer practices, identifying social engineering schemes and spear-phishing emails.
- Install, configure and maintain an advanced endpoint security solution.
- Enable software restriction policies to block programs from executing from specific locations.
- Use a firewall to block all incoming connections from the Internet to services that should not be publicly available.
- Make sure programs and users have the lowest level of privileges necessary to complete a task.
- When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
- Enable System Restore to restore previous versions of the encrypted files once the virus has been removed.
What do you think, what is the best way to deal with ransomware?