杏吧原创

Ransomware threat highlighted by Los Angeles hospital payout

The cyberattackers didn't earn much, but the fact that a hospital paid to regain control of its files shows how easy it is to exploit security weaknesses
Hollywood Presbyterian Medical Center
Bitcoin is making it easier for cybercriminals to profit from their attacks
Mario Anzuoni/Reuters

Extortion is bigger business than ever, and now it doesn鈥檛 have to rely on people depositing bags stuffed with cash. Earlier this month, cybercriminals attacked a hospital in Los Angeles, then demanded payment in bitcoin to let the hospital regain access to their computers. It鈥檚 the most high-profile case yet of cyber-extortion using software known as ransomware.

The attack on Hollywood Presbyterian Medical Center effectively knocked it offline. As a result, patients had to be diverted to other hospitals, medical records were kept using pen and paper, and staff resorted to communicating by fax.

The attackers demanded 9000 bitcoins 鈥 around $3.6 million. After a two-week stand-off, the hospital yesterday paid out $17,000.

Malware can infect computers when someone clicks on a link to a booby-trapped website, or opens an attachment in a phishing email. In a ransomware attack, the malicious software typically encrypts all of the files stored on a system 鈥 making them unusable 鈥 and demands payment to decrypt them.

鈥淩ansomware has really exploded in the last couple of years,鈥 says Steve Santorelli, a former UK police detective who now works for , a threat intelligence firm based in Florida. One ransomware package, CryptoLocker 3.0, is thought to have earned attackers $325 million in 2015 alone.

鈥淭hese guys are crazy sophisticated,鈥 says Jake Williams, the founder of cybersecurity firm . Some even have online helpdesks that can be accessed via the anonymising web browser Tor, and will decrypt one of the victim鈥檚 files to prove that they have the key.

Williams says his company has worked with several healthcare providers who have been attacked. When clients don鈥檛 have their files backed up and the ransom is relatively small 鈥 hundreds of dollars, say 鈥 the firm advises paying up. 鈥淲e tell them before the attackers realise they鈥檝e got a much bigger fish on the hook, go ahead and pay immediately,鈥 he says. 鈥淚n every case we鈥檝e worked with, if you pay the ransom, within a couple of hours you get the decryption key and are able to decrypt your files.鈥

Ransom by bitcoin

, a security researcher at the University of Cambridge, says bitcoin has helped cybercriminals to access payments without being caught. 鈥淚n the old days, collecting ransom was really hard. The police would just put a radio tracker in the carpet bag full of 拢20 notes and they would always get the guy. Now it鈥檚 possible to collect ransoms by bitcoin, lots of people are doing it.鈥

This is not to say the criminals can鈥檛 be tracked down. 鈥淕ood cybercrime investigation is about turning over thousands of little rocks looking for the mistakes that the criminals have made,鈥 says Santorelli. 鈥淎nd they always make mistakes.鈥 Williams says in some cases his firm has been able to trace attackers to locations in eastern Europe.

Protecting against ransomware is easy: back up your files frequently and make sure your network is segmented 鈥 divided up in such a way that an attack on one machine can鈥檛 spread. 鈥淧rofessionally run operations are not really at risk from ransomware,鈥 says Anderson. 鈥淵ou can always go back to yesterday鈥檚 data.鈥

It would appear that Hollywood Presbyterian was not so well prepared, and it shut down its network after the infection. 鈥淚t sounds like they鈥檙e pretty disorganised there, from an IP security perspective,鈥 says Williams.

Although ransomware typically encrypts files, the goal of some attacks may be to grab medical records. 鈥淲e鈥檝e seen malware in healthcare environments that鈥檚 been able to steal patients鈥 information,鈥 says Williams.

Many more hospitals may have been attacked by cybercriminals, but we never hear about it because they keep things under wraps. 鈥淧eople don鈥檛 want to rock consumer confidence, and having your medical history stolen is pretty horrific,鈥 says Santorelli. 鈥淭his is going to be devastating to the victims.鈥

As long as security weaknesses exist, there will be criminals eager to exploit them for profit, says Williams. School districts and police departments have also been targeted. 鈥淯ntil healthcare in particular and some of our other critical infrastructure start taking this seriously, you鈥檙e going to see these attacks for sure.鈥

Topics: bitcoin & cryptocurrency / Computer crime