Three Alabama hospitals have paid a ransom to the criminals behind a crippling ransomware attack that is forcing the hospitals to turn away all but the most critical patients, the Tuscaloosa News reported.
As reported, the ransomware attack shut down the hospitals’ computer systems and prevented staff from following daily procedures. Non-critical patients were transferred to nearby hospitals, and critical patients will be transferred once they’re stabilized. An updated announcement on Saturday stated that the diversion procedure remained in place. All three hospitals are part of the DCH health system in Alabama.
Over the weekend, the Tuscaloosa News reported that DCH officials made a payment to those responsible for the ransomware attack. The report did not say how much the officials paid. Saturday’s statement from DCH officials said that they had obtained a decryption key.
However, they did not say how they obtained it.
The statement read in part:
In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration. We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems.
We have completed test decryption of multiple servers, and we are now executing a sequential plan to decrypt, test, and bring systems online one-by-one. This will be a deliberate progression that will prioritize primary operating systems and essential functions for emergency care. DCH has thousands of computer devices in its network, so this process will take time.
We cannot provide a specific timetable at this time, but our teams continue to work around the clock to restore normal hospital operations, as we incrementally bring system components back online across our medical centers. This will require a time-intensive process to complete, as we will continue testing and confirming secure operations as we go.
To pay or not to pay
Law enforcement officials and security professionals typically discourage ransomware payments because such payments encourage more attacks. There is also no guarantee the criminals will release the key as agreed. And even when criminals do release a key, the malware typically destroys some of the encrypted data permanently. According to an FAQ released to the public by DCH, the ransomware that hit the hospitals was identified as Ryuk.
“Ryuk is particularly nasty as the code contains bugs that cause it to damage about one in every eight files that it encrypts,” Brett Callow, a spokesman with security firm Emsisoft, told the press. “So there is almost always data loss in these cases even if the ransom is paid.”
The darker side of not paying ransoms is this: organizations hit by a ransomware attack usually end up paying much higher costs after they choose to rebuff the demand. Instead, they rebuild their crippled networks on their own. The city of Baltimore, for example, recently paid over $18 million to restore its ransomware-crippled network. The criminals in that attack had demanded $70,000; however, both city and law enforcement officials discouraged the payment.
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a sum is paid. It can spread through phishing emails or when a user unintentionally visits an infected website.
A ransomware attack can be disruptive to an individual or an organization. Anyone with essential data stored on their computer or network is at risk, including government or law enforcement agencies, healthcare systems, and other critical infrastructure entities.
Recovery can be an extremely challenging process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files.
Nevertheless, there is no guarantee that individuals will recover their files if they pay the ransom.