When hackers breached the networks of Kansas Heart Hospital in Wichita last May, locked data files and demanded payment for decryption keys, hospital administrators decided it most expedient to just buy some Bitcoin, pay the modest ransom and get the facility back to work.
But after the hospital paid off the perpetrators of the May 18 ransomware attack, the criminals released only part of the records, then demanded more money for the rest.
It appears their experience is not unusual.
More than one in three (36 percent) ransomware victims ultimately pay up, but nearly half of those (17 percent) don’t get their files back anyway, according to the Kaspersky Lab Consumer Security Risks Survey, released this week.
“We urge all ransomware victims, whether they are large organizations or single individuals, not to pay the ransom demanded by criminals,” Andrei Mochola, head of consumer business at Kaspersky Lab, said in a statement.
“If you do, you will be supporting the cyber criminals’ businesses,” he continued. “And, as our study shows, there is no guarantee that paying the ransom will actually give you access to your encrypted data.”
The survey polled more than 12,500 Internet users from 22 countries during the month of August.
The frequency and sophistication of ransomware attacks show no sign of letting up. While no sector has completely escaped the threat, health care organizations have been particularly hard hit.
Kansas Heart Hospital was among at least 14 U.S. hospitals that fell victim to ransomware attacks during a six-week period this spring.
In that case, hospital officials declined to pay the second ransom, deeming it no longer a “wise maneuver or strategy,” the hospital’s president, Dr. Greg Duick, told reporters.
That attack also marked the second time this year that a hospital acknowledged paying to end a ransomware attack.
In February, Hollywood Presbyterian Medical Center in Los Angeles disclosed it paid 40 Bitcoin, or about $17,000, to regain access to its records.
Experts suspect countless similar ransom negotiations are constantly occurring in secret, with varying levels of success.
Kaspersky Lab is one of two security vendors participating in “No More Ransom,” an initiative to help ransomware victims.
“The No More Ransom initiative, launched by the Dutch National Police, Europol, Intel Security and Kaspersky Lab, is sharing decryption tools to help victims recover their data without paying a ransom,” according to a Kaspersky Lab statement. “The project, since its launch in July, has already helped more than 2,500 people successfully decrypt their data.”
No More Ransom also seeks to educate users on how ransomware works and how to prevent infection in the first place.
If a ransomware attack does strike, No More Ransom recommends notifying law enforcement.
Visit the No More Ransom website for decryption tools and more information.