Ransomware, a newer type of cyber attack, is becoming increasingly popular. A virus that infects a computer or computer system and then locks all the files and programs, hackers using ransomware are typically the only ones with the “key”, or code, that can unlock the victim’s data. Unfortunately, that key normally comes with a steep price that can range from hundreds to thousands of dollars. While some are able to escape scott-free since their data is backed up in a separate area, many are not as fortunate, as the news has recently been flooded with a number of high-profile ransomware horror stories.
According to various reports, a Los Angeles hospital noticed inconsistencies in their network, which soon led to a system-wide shutdown due to a crippling ransomware virus. Since the problem was reported on February 5, doctors have been unable to access any stored medical data or even cross-check their facts, leaving them to deal with faxing information or communicating via telephone and face-to-face interaction. The hackers originally demanded $3.6M in Bitcoin and facility staffers are working with both local law enforcement and the FBI. While they have maintained that patient care has not been compromised, a number of patients have been transferred to nearby hospitals due to the inability to access treatment records, X-rays, CT scans and other data.
At least 4 out of 5 healthcare institutions have reported some type of cybersecurity breach in the last two years, according to a study by KPMG. While ransomware attacks are mostly random – generated through mass emailings that are easily interacted with through any employee at the institution – the money that is demanded increases significantly if the hackers realize they have landed a big name, so to speak. Individual attacks can see demands of a few hundred dollars; unfortunately, once the attackers realized the group they had in their hands, the asking price greatly increased.
Ransomware attacks don’t have to completely level an individual or company – simply becoming more aware of suspicious emails or webpages is a major step in the right direction. Above all, backing up your priority system data is imperative; if the hackers hold your data hostage but you have another copy in a separate, safe location, paying them any kind of money becomes moot since the data they hold is obsolete and of no further value. However, this is absolutely the case for a regular ransomware attack – if the hackers were also going after the information itself it would be far more egregious.
Update: With the hospital reportedly paying $17,000 to release the network from the ransomware attack, it is safe to say that ransomware attacks aren’t losing popularity with hackers, especially since they may be buoyed by this particular outcome. Until the potential victims and organizations educate themselves on best practices for spotting questionable online activity, as well as creating a plan to protect and store their key data, ransomware attacks will continue to be a major weapon in a hacker’s arsenal.