Cyber-Attackers Renege After Hospital Pays Ransom

Written by Aldrin Brown
May 26, 2016

The Wichita, Kan., crime appears to be the first public case where the perpetrators failed to release the data despite being paid.

In a new twist on a long-growing problem, cyber-attackers targeting a Kansas hospital were paid a ransom to release hostage files, then refused to unlock the files and instead demanded more money.

Wichita-based Kansas Heart Hospital was the victim of a classic ransomware attack on May 18, during which some portion of patient files were locked by hackers.

The Doyle Report: Selling Security to Non Believers.

The cybercriminals then reached out to hospital administrators and demanded money – typically to be transmitted in Bitcoin or other untraceable virtual currency.

Once the payment is confirmed, the attackers provide the hospital with a decryption key to open the files.

It’s not clear when Kansas Heart Hospital paid the money, but this week, its president, Dr. Greg Duick, told reporters that the hackers didn’t live up to their part of the bargain.

Duick said the hospital paid “a small amount” of money but only received partial access, and a demand for additional money for a key to the rest, according to an article in Techspot.

Hospital officials declined to pay the second ransom, deeming it no longer “a wise maneuver or strategy,” Duick is quoted as saying.

At least 14 U.S. hospitals were victims of similar cyber-attacks during a recent six-week stretch this spring.

The MedStar Health chain was particularly hard hit in that wave of ransomware breaches, and operations had still not returned to normal weeks after a March attack targeted networks linked to several of the company’s Maryland- and Washington, D.C.-area hospitals.

The Kansas case marks the second time in recent months that a hospital has publicly acknowledged paying a ransom to hackers.

In February, Hollywood Presbyterian Medical Center disclosed it paid 40 Bitcoin, or about $17,000, to regain access to its records.

Experts suspect countless secret ransoms are regularly paid because cyber-attackers typically demand relatively modest amounts of money to boost the chances of successful extortions.

As a result, it’s impossible to know how often victims are dissatisfied with the outcomes of paying ransoms to end cyber-attacks.

Cyber-criminals’ recent focus on hospitals offers important clues about the thinking of professional hackers, and hints at other types of organizations and networks that could be similarly vulnerable, said Patrick Upatham, director of threat research at Digital Guardian, a provider of IT security solutions.

“What it comes down to is that there’s definitely no safe business,” he told MSPmentor recently. “Even with cutting edge tools, some of the (malware) variants are not detectible.”

Send tips and news to [email protected].