Nowadays, cyber criminals are hitting massively. Over the past few months, they took control of a Boston-area police department’s computer system last year, and officials had to pay a $500 ransom to get back the control. Later on, hackers attacked a sheriff’s department in Maine and got a $300 ransom to release the system.
However, when malware ransoms are concerned, Hollywood Presbyterian Medical Center had to pay a much bigger price than the others. The hospital paid a $17,000 ransom in bitcoin to the hacker who seized control of the hospital’s computer systems.
According to the law enforcement officials and cyber security companies, there is a huge progress in cyber attacks on both private businesses and public institutions. Some attacks make national headlines, but other occur without any publicity and the victims should ultimately agree to pay the ransom.
In many cases, businesses decide that paying the ransom is the quickest and most efficient way to get their data back.
“People don’t like to talk about it. It’s happening across all industries, banking, small businesses and other places,” the cyber security consultant Phil Lieberman stated.
Lately, ransom payoffs troubles law enforcement as well.
“We don’t ever recommended paying a ransom in any criminal investigation,” said LAPD Capt. Andrew Neiman. “It is a personal choice. Paying a ransom doesn’t ensure anything.”
According to Capt. Neiman, the cyber attack against Hollywood Presbyterian Medical Center on Feb. 5, was first reported on Feb. 6 to the Los Angeles Police Department, and after that the FBI got involved.
Usually, cyber criminals target smaller companies and government agencies which are less likely to have sophisticated computer protections.
According to Katherine Keefe, Global Head of Breach Response Services for Beazley, her clients have seen an increase in ransomware attacks targeting a variety of fields, including higher education, government, finance, law, real estate, hospitality and retail.
These attacks are made when a PC user enters a corrupted website or opens a spam email sent by cyber criminals. Then the malware gets installed on the system and locks the victim’s computer to prevent access to the data, or starts to spread the virus to the institution’s computers and lock them all.
“It installs a piece of software that encrypts everything in the machine and sends the key to the server run by the hacker,” Lieberman explained. “They will send you that key when you pay up.”
According to FBI officials, computers sometimes display a fake message purporting to be from a law enforcement agency, claiming that the user’s Internet address has been associated with child pornography sites or other illegal activity.
However, more often the malware program displays a screen which tells users they can unlock their virtual machines by making a payment through a money service. In the Hollywood hospital case, the digital extortionist demanded 40 bitcoin, a cyber currency, be paid to an exchange. The payoff was made before the hospital notified authorities, according to two law enforcement sources who spoke on the condition of anonymity because they were not authorized to discuss the case.
“The Feb. 5 attack on Hollywood Presbyterian infected the hospital’s computers and quickly locked the staff out of the communication and patient systems”, stated Chief Executive Allen Stefanek.
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek added. According to him, the patient data was never compromised.
Lieberman stated that the goal of these hackers, is not to steal data but to merely lock it in place and take away the key.
Many of the extortionists are just franchisees, typically based in Eastern Europe.
“These are a like McDonald’s or Subways. They get all the technical know-how for a price. All they have to do is get a list of targets,” Lieberman said. “They even get updates of the malware.”
In 2013 the ransomware attacks escalated alongside the rise of the malware program known as CryptoLocker. The program infected more than half a million computers and generated millions of dollars for its operators before the FBI neutralized its command and control.
The CryptoLocker software struck the Yuma Sun newspaper in 2013 and the Swansea Police Department in Massachusetts.
The Sun received a demand for $300 after the malware was downloaded.
“It was very tough,” said the publisher Lisa Reilly. “It’s the worst of timing. We had just been bought by new owners and were installing a new computer system.”
Lots of companies nowadays have software installed in their computer systems to prevent such malware from ever running on their devices.
According to Lieberman, the more modern your computer, the less likely an attack will succeed. Newer operating systems like Windows 10 make it harder for programs like CryptoLocker to work.
Keefe said that companies need to have backup plans to restore data so they can simple erase the infected machines and start over. Experts say that is becoming easier with the use of cloud storage.
In any case, some officials think even more should be done. When the cyber security firm Symantec got access to one ransomware operation, it was bringing in $34,000 a day.
“Basically, it is an electronic stickup,” said state Sen. Bob Hertzberg, who this week proposed legislation to make infecting a computer with ransomware a crime equivalent to extortion.
“$17,000 for the hospital, with patients who could be endangered, is something they are going to pay,” Hertzberg aded.
