Ransomware Hackers Get Their Money, Immediately Ask For More

HardOCP News

What do you mean those ransomware hackers got the money they demanded from the hospital but still want more? Normally paying off hackers is a brilliant idea. Wait. No it isn't. I'm not sure why the hospital didn't just go with its "backup plan" in the first place.

According to Hospital President Dr. Greg Durick, Kansas Heart initially paid "a small amount" in ransom, but the hackers refused to decrypt the hospital's hijacked files. The hospital shut down negotiations after the second ransom demand, saying it no longer felt "this was a wise maneuver or strategy." The hospital says patient information was never in jeopardy and operations were never impacted.
 
A large company I know (will remain nameless) got hit by an encryption malware. It took down the majority, if not all, of their in-house servers. After a week and a half of trying to restore function, they paid the ransom. Not sure how much it was, but it was said that it was cheaper to pay than the cost to restore. Turns out their backup scheme got compromised also, hence the payment.
Email, application and file services were down for that entire time.
 
Yeah, but why hospitals no have offsite backups (or apparently test them)? Then they would get no ransoms instead of one ransom.
Hospitals are REALLY paranoid about their data. They don't allow any outside connections or backups...they would rather lose their patient data than it fall into someone else's hands.
 
Yeah, but why hospitals no have offsite backups (or apparently test them)? Then they would get no ransoms instead of one ransom.

It doesn't work that way, sadly. Think of several dozen different systems/types of equipment, hooked to a dozen different databases, in a dozen different implementations, on a dozen different OS versions, with a dozen different license/support packages, THEN add in the employees themselves, which range from $8/hr janitors to God-complex surgeons to "I'm a power player" management, THEN ON TOP OF ALL THAT, add in sweeping and massive regulatory/compensation changes that have the already thin budget stretched further, and the state of those systems/servers/equipment is questionable even without a hack.
 
Hospitals are REALLY paranoid about their data. They don't allow any outside connections or backups...they would rather lose their patient data than it fall into someone else's hands.

It's not paranoia, it's called HIPAA Compliance. All medical institutes that handle any client/patient data must comply with HIPAA regulations, period. Most of the problem with this isn't HIPAA itself but that the people in charge don't stay current on the new updates to HIPAA. It used to be a big no-no to store client data offsite a few years ago, but now, as long as you have a HIPAA-compliant solution and the data is stored in a compliant data center, you're fine. Trying to find a HIPAA-compliant backup solution and offsite data center isn't hard these days, but most of the problem is the cost of the solution and storage, as well as the fact that the hospital directors have no clue that it is okay to store data offsite now.
 
Oddly enough, I've spent the past 3 days reinstalling software for a hospital (not the one in the article) whose entire network was hit with ransomware last week. In their case, they removed the ransomware with a cleanup tool, but they still lost a ton of files. It was easier to reinstall most systems than to do full restores. Hospitals are relatively unique, though. In a "normal" IT environment, you just back up your servers and you are fine. Workstations can be reimaged with no issues, because almost all important data is centrally located on servers. So, in that case, blaming IT for not doing backups is valid.

However, there are so many old pieces of software in hospitals which reside on workstations or use fat clients that you would have to have the entire network do nightly backups to prevent this kind of problem. Many of those apps run into serious compatibility issues or require stand-alone workstations, so the prospect of running them on Citrix would be prohibitively expensive or in some cases impossible. It's hard to blame the hospitals for paying the ransom. They are often given the choice between spending money on patient care and IT services. As a result, they continue to use old software on ancient hardware for years and years. A $500 ransom is very little compared to thousands of dollars of potential upgrade headaches.
 
It's like they did not know they had infected a hospital until they were paid the normal single-PC $500 demand (the second demand was probably between $10,000-15,000).
 
Turns out their backup scheme got compromised also, hence the payment.
Email, application and file services were down for that entire time.

What kind of backups did they have that the backup system got compromised? Were they using Windows backup to external drives?

At all the places I've seen get infected so far the backup system (Veeam, Backup Exec, etc) has always been fine. Typically it's just the file server as that's usually the only server with accessible shares.
 
I'm just going to be blunt as someone who spent some years working on hospital networks. This IT staff should just outright be fired and blacklisted from ever working in medical IT. This is a failure at basically all levels and is something that never should happen. I've worked in mega hospitals all the way down to little rural hospitals with an IT staff of 5 and never seen security lax enough to let ransomware on the network, much less compromise all the backups. I'll grant someone got seriously stupid and the ransomware got in, but no unaffected backups? Every single hospital I've ever been in has numerous backup systems that take snapshots hourly and keep a 3+ month rotating cycle. At WORST they should have had to roll back a few hours, which while bad is still monumentally better than this clusterfuck.
 
What kind of backups did they have that the backup system got compromised? Were they using Windows backup to external drives?

Leaving a USB drive plugged into your server and backing up your files to it is NOT a backup solution. Anything that appears as a drive can be hit by a virus.
You need multiple backups with at least the 2 most recent backups off-site in case of disaster (like the building burning down).

I even have an off-site backup of our home PCs, just in case.
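The two posts above (hourly snapshots with a 3+ month rotation, and the warning that anything visible as a drive gets encrypted too) can be turned into a small policy check. This is an added example, not code from anyone in the thread; the Snapshot fields, the thresholds and the sample backup sets are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Snapshot:
    taken: datetime       # when the snapshot was made
    location: str         # "onsite" or "offsite"
    host_reachable: bool  # visible to the protected host as a drive or share


def surviving_snapshots(snaps):
    """Model the thread's point: anything the infected host can reach as a
    drive is encrypted along with the data, so only isolated copies survive."""
    return [s for s in snaps if not s.host_reachable]


def rollback_hours(snaps, incident):
    """Hours of work lost if ransomware hits at `incident`: the age of the newest
    surviving snapshot taken before the incident. None means nothing to restore."""
    usable = [s for s in surviving_snapshots(snaps) if s.taken <= incident]
    if not usable:
        return None
    newest = max(usable, key=lambda s: s.taken)
    return (incident - newest.taken).total_seconds() / 3600


def policy_violations(snaps, now, cadence_hours=1, retention_days=90, offsite_recent=2):
    """Check the scheme described in the thread: hourly isolated snapshots,
    a 3+ month rotating cycle, and the most recent copies stored off-site."""
    problems = []
    survivors = sorted(surviving_snapshots(snaps), key=lambda s: s.taken, reverse=True)
    if not survivors:
        return ["no backup is isolated from the hosts it protects"]
    if now - survivors[0].taken > timedelta(hours=cadence_hours):
        problems.append(f"newest isolated snapshot older than {cadence_hours}h")
    if now - survivors[-1].taken < timedelta(days=retention_days):
        problems.append(f"retention shorter than {retention_days} days")
    if any(s.location != "offsite" for s in survivors[:offsite_recent]):
        problems.append(f"fewer than {offsite_recent} most recent copies off-site")
    return problems


# Constructed sample data: hourly copies to a USB disk that stays mounted on the
# server (reachable, so lost), optionally plus two isolated off-site copies.
NOW = datetime(2016, 5, 24, 9, 0)
USB_ONLY = [Snapshot(NOW - timedelta(hours=h), "onsite", True) for h in range(1, 25)]
WITH_OFFSITE = USB_ONLY + [
    Snapshot(NOW - timedelta(hours=30), "offsite", False),
    Snapshot(NOW - timedelta(days=100), "offsite", False),
]
```

With only the mounted USB disk, `rollback_hours` returns None; adding the two off-site copies gives a 30-hour rollback and a single remaining violation, the missing hourly isolated snapshot.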
 
They should put these hackers in real jail, doing real time. How are we one day to "trust" everything to computers with these people "playing" with something that each passing second becomes more and more important and very serious?
 