A hospital in California has paid a hefty price to cyber criminals who infected their computer systems with ransomware– a form of computer virus that locks those infected out of their data until a ransom is paid to unlock it.
In this case, the hospital paid those behind the crime approximately $17,000 in order to regain access to their data. The hackers, perhaps unsurprisingly to some, demanded that the ransom be paid in the form of Bitcoins, 40 to be exact.
Bitcoin payments offer a certain level of anonymity which is perhaps why they’re described by some as an “anonymous” form of currency. This notion of anonymity is derived from the anonymous nature in which payments can be sent and received, as personally identifying information can go unprovided for both the sender as well as the receiver.
Hollywood Presbyterian Medical Center, the hospital that recently coughed up 40 Bitcoins to ransomware hackers, is by no means the first to have been hit. Just last year, police in Maine paid approximately $300 to unlock their files and a Boston-area police department found themselves paying $500 after both found their systems hijacked by ransomware.
U.S. Senator Bob Hertzberg was quoted by the Los Angeles Times as having referred to ransomware extortion as “an electronic stickup” that is equivalent to extortion. Subsequently, he proposed legislation earlier this week with language intended to designate the infection of a computer with ransomware a crime on par with extortion.
In regards to Hollywood Presbyterian Medical Center’s decision to pay the ransom, the hospital’s chief executive, Allen Stefanek, stated that the decision was made with “the best interest of restoring normal operations” in mind and that it was the “quickest and most efficient way” for them to restore their systems.
The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key […] In the best interest of restoring normal operations, we did this.
Ryan Kalembar, senior vice president of cybersecurity strategy at Proofpoint, told CBS News that the hospital’s decision “was the easy choice” but he “wouldn’t say it was the right choice,” as by doing so, the hospital finds itself in the awkward position of funneling money into what is potentially organized crime. He added that Proofpoint has even seen “terror groups finance their organizations by using operations like cyber crime and ransomware.”
It was the easy choice. I wouldn’t say it was the right choice […] When you do pay this ransom, you’re funneling money potentially to organized crime. We’ve seen even terror groups finance their organizations by using operations like cyber crime and ransomware.
What do you think of the hospital’s decision to pay the ransom to unlock their systems?
