Imagine waking up to an urgent 5 a.m. call: Something has taken over your corporate network and encrypted all of your data, and supposedly the only way to get it all back is to pay a significant sum to an anonymous third party using Bitcoin. While that scene might sound like something out of Hollywood, it is actually very real – and it’s exactly what several variants of ransomware are doing to organizations around the globe.
Two recent appearances of ransomware in the news demonstrate that it is a problem that is growing in both volume and significance, as larger and larger organizations, some critical to public and social services, are impacted by an outbreak:
- The BBC reports that the Chino Valley Medical Center and Desert Valley hospital, in the state of California, were infected with ransomware. A spokesman for the owner of the medical center, Prime Healthcare Services, confirmed that there were some “significant disruptions of [the medical center’s] hospital systems.”
- In a recent high-profile case, the Hollywood Presbyterian Medical Center declared an internal emergency after suffering on outbreak of ransomware. Ultimately, this hospital decided to ante up the required Bitcoin ransom payment, handing over $17,000 in order to get access to its computers. The original ransom demand was for $3.7 million in Bitcoins, so if nothing else, that is some decent negotiating on the part of the hospital.
- A Kentucky medical center, Methodist Hospital, was recently infected by a ransomware attack. This time, the strain of the ransomware was confirmed: Locky, a newer variant of Cryptolocker, infiltrated the defenses of the medical center’s network and spread to the entire internal network as well as several other systems, according to the CNBC report. At the time of this writing, the ransom demand was for $1,600 for this particular hospital, and it was unclear if the hospital intended on paying the ransom. Another report in Ars Technica quotes the hospital’s attorney: “I think it’s our position that we’re not going to pay it unless we absolutely have to.”
This stuff is insidious. Ransomware typically comes in as an email attachment, purporting to be an invoice or a shipment tracking document or something else seemingly innocuous. Once open, ransomware typically silently begins encrypting all of the files it can, without any user interaction or notification. It is only once its dastardly deed is done that it prompts the user with information about how much the ransom is, how to pay it and more.
It used to be that the first versions of Cryptolocker were not smart enough to go after data on network drives and only inflicted unwanted encryption on files stored locally to a machine. This could still be paralyzing in some instances, but for medium to large businesses who stored the majority of their data on network shared drives and SANs or NASes, this provided a level of relief.
Sign up for Computerworld eNewsletters.