Ransomware is undeniably nasty and unpleasant, but unlike the maliciousness of DDoS attacks and password stealing trojans, there’s a way out. If you simply swallow your pride and pay the ransom, the nightmare is over… or so you would think. Kansas Heart Hospital was recently hit by ransomware, and those behind the attack didn’t live up to their end of the bargain after the ransom was paid. Rather than unlock the hospital’s files, they asked for more money.
It doesn’t matter if you’re a regular internet user or the IT guy at a hospital, a ransomware infection has the same consequences. After it’s installed on a system, ransomware goes to work encrypting your important files with a private key that prevents you from accessing any of them. Some of the more “premium” versions will show you a list of encrypted files and decrypt one or two of them free to prove it’s possible. If you want the rest of them, it’ll cost you between several hundred and several thousand dollars, paid in untraceable Bitcoin.
The ransomware that infected Kansas Heart Hospital asked for a “small amount” of money, according to hospital president Dr. Greg Duick. The hospital paid the ransom, but the decryption key was not provided. Instead, the extortionists asked for a second, larger payment in exchange for the key. Duick says they didn’t get it, but he declines to specify how much they were asking for.
A number of other hospitals have been hit with ransomware in the recent past. Just earlier this year 10 Medstar facilities on the east coast were targeted. In that case, the damage was much more severe. The hospitals were forced to shut down their computer systems completely, which meant using old school pen and paper records. At Kansas Heart Hospital, Duick claims the administration had a plan in place to minimize the damage. It never had any patient data at risk and operations continued normally.
Strangely, this plan apparently didn’t include backups. Or perhaps, the backups were stored on the same system as the files, meaning they too were rendered inaccessible. Whatever the situation, Kansas Heart Hospital clearly wasn’t backing up correctly. It’s nice it didn’t risk patient information, but it should not have been necessary to pay any money to the attackers in the first place.
If this sort of ransomware double dip becomes common, it may be harder to extract payments from people in the future. It’s not like these are trustworthy people in the first place, but now they can’t even stick by their own business model.