$17,000 Ransom Paid by Hollywood Medical Center (Updated) - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

$17,000 Ransom Paid by Hollywood Medical Center (Updated)

If you follow IT security news, you most definitely have heard that the Hollywood Presbyterian Medical Center was hit by ransomware. Consequently, the Center decided to pay the ransom, realizing that they had no choice. However, the claim that the ransom demanded by cyber criminals equaled to 9,000 BitCoin, or $3.6 million, is nothing but a speculation, as revealed by a statement issued by HPMC’s CEO Allen Stefanek.

17-thousand-dollar-ransom-sensorstechforum

Initial Claims of the Size of the Ransom Turn Out to Be Untrue

Mr Stefanek wrote that the reports of such payments were false:

The reports of the hospital paying 9000 Bitcoins or $3.4 million are false. The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000. The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.

As seen in the quote above, the Medical Center paid 40 Bitcoins, or $17,000, an enormous amount of money but considerably less than $3 million.

Targeted Malware Attacks Continue in 2016

High-profile, targeted attacks are continuously increasing and affecting various financial sectors, health care being of them. This is not the first case when the affected party decides to pay cyber criminals. Unfortunately, with some ransomware pieces decryption without the unique key in possession of its creators is not possible. Several such cases are yet to be resolved:

  • The latest version of CryptoWall (random extensions appended to the filenames which are also changed to confuse the victim even more);
  • The latest versions of TeslaCrypt (.micro, .mp3, .vvv extensions);
  • The newly disclosed Locky Ransomware (.locky extension).

Even though the hospital hasn’t revealed the ransomware that attacked them earlier this month, we suspect that it may be one of the pieces mentioned above. If not, it was definitely a sophisticated form of ransomware that couldn’t be resolved with any of the known decryption utilities. That, or the hospital couldn’t afford to waste any time and needed to restore normal functionality as soon as possible.

More Ransomware Stories:
FBI’s Advice on Ransomware: Pay Them
Magic, the Open Source Ransomware from GitHub

Luckily, no patient was physically hurt by the ransomware attack, nor was it fatal to the employees’ personal information:

It is important to note that this incident did not affect the delivery and quality of the excellent patient care you expect and receive from Hollywood Presbyterian Medical Center (“HPMC”). Patient care has not been compromised in any way. Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access.

Have a look at Stefanek’s statement.

Article Update (Feb 19, 2016)

Our colleagues over at Heimdal Security have just confirmed that the ransomware that hit the Hollywood Presbyterian is indeed Locky. Multiple security analyses also reveal that Locky is closely related to the Dridex malware. More information will be available soon.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...