Kansas Heart Hospital Pays Ransom, but Cyber Criminals Come Back for Second Course
Ransomware attackers collected a ransom from a Kansas hospital, but the payment did not unlock all of the data, and the cybercriminals then demanded more money. Wichita-based Kansas Heart publicly stated that it paid the ransom. (Hollywood Presbyterian was also forced to pay a ransom of $17,000 in February, after attackers originally demanded $3.4 million.) Kansas Heart Hospital declined to pay the second ransom, saying that would not be wise. Security experts, meanwhile, are warning that ransomware attacks will only get worse.
There are several reasons why the most common advice for dealing with ransomware is “don’t pay the ransom.” Once you’ve shown cyber criminals that you’re willing to pay money to retrieve your data, there’s nothing stopping them from targeting you again, if they even uphold their end of the deal.
Such is the case for Wichita-based Kansas Heart Hospital, which fell victim to ransomware, and decided to pay up. But to their surprise, criminals who would lock a hospital out from its vital data did not have the moral backbone to hold up their end of the bargain, providing only partial access and demanding more money.
According to TechSpot, the hospital is not paying any further ransom and has a strategy in place to minimize the damage. It’s not the first hospital to pay a ransomware attacker’s demands, which typically range in the tens of thousands of dollars, but doing so is ill-advised.
“Ransomware has been an inconvenient truth for a while, a tried and tested dance where an attack is launched and the ransom is modest, just enough where many organizations just pay it to make the problem go away,” said Ryan Witt, vice president and managing director of the healthcare industry practice at security specialist Fortinet.
The industry is waking up to this problem because of high-profile cyberattacks that have occurred within the past year or so, including those against MedStar Health, Chino Valley Medical Center and its sister site Desert Valley Medical Center, and Methodist Hospital in Kentucky.
“Paying a ransom doesn’t guarantee an organization that it will get its data back,” explained FBI Cyber Division Assistant Director James Trainor. “We’ve seen cases where organizations never got decryption keys after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
Instead, he recommends organizations focus more on prevention efforts, not only in technical prevention controls, but in awareness and training for employees, as well as a solid business continuity plan, including regular and secure backups.
FBI Tips for Dealing with the Ransomware Threat
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
- Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
- Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
- Configure access controls, including file, directory, and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
- Back up data regularly and verify the integrity of those backups regularly.
- Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.