Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hollywood Hospital Pays $17,000 Ransom to Recover Files

The Hollywood Presbyterian Medical Center in Los Angeles has decided to pay a ransom demanded by a piece of ransomware that infected the organization’s computers earlier this month.

The Hollywood Presbyterian Medical Center in Los Angeles has decided to pay a ransom demanded by a piece of ransomware that infected the organization’s computers earlier this month.

The hospital discovered the malware on its systems on February 5, when staff experienced difficulty in accessing the network. An investigation revealed that a piece of ransomware had encrypted files on some devices, which led to a disruption of the organization’s IT systems.

Law enforcement was notified and experts were called in to assist Hollywood Presbyterian with tracking down the source of the attack and restoring systems.

Initial reports said the ransomware demanded the payment of 9,000 Bitcoin (roughly $3.4 million), but, as expected, the information turned out to be inaccurate. Allen Stefanek, president and CEO of Hollywood Presbyterian, clarified on Wednesday that the cybercrooks demanded 40 Bitcoins, or roughly $17,000, which the hospital paid.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” Stefanek said.

“HPMC has restored its electronic medical record system (“EMR”) on Monday, February 15th. All clinical operations are utilizing the EMR system. All systems currently in use were cleared of the malware and thoroughly tested. We continue to work with our team of experts to understand more about this event,” he added.

Stefanek told NBC that this appeared to be a “random” attack, which raised questions about the reports that the attackers demanded 9,000 Bitcoins. In most ransomware attacks, cybercriminals demand hundreds of dollars worth of Bitcoin, although there are some variants that demand larger amounts and the ransom usually increases considerably if it’s not paid within 48 hours.

Most security experts advise against paying the ransom, but it’s clear that there are people and organizations that feel they have no other choice. An analysis conducted by the Cyber Threat Alliance last year showed that a cybercrime ring managed to make more than $300 million using the CryptoWall ransomware.

Advertisement. Scroll to continue reading.

“Ransomware has become a lucrative business for underground malware writers. They’re attempting to infect end users through multiple methods of attack, such as phishing, drive-by download scams and server vulnerabilities. The quick ‘monetization’ of ransomware scams is the reason for this new vector being exploited so heavily,” Rahul Kashyap, EVP and Chief Security Architect at Bromium, told SecurityWeek. “It is imperative that users do not pay ransom. Paying ransom is equivalent to funding attackers to launch more attacks in the future.”

The BBC reported last month that the Lincolnshire County Council in the UK was hit by a ransomware that demanded the payment of £1 million ($1.4 million) in return for the key needed to decrypt files. It later turned out that the ransom was just $500, which the council refused to pay.

Related: CryptoWall 4.0 Spreading via Angler Exploit Kit

Related: Show me the Money – Cybercriminals Hijack Online Resources to Boost Profits

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.