Slashdot Mirror

← Back to Stories (view on slashdot.org)

L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com)

Posted by timothy on from the let-me-guess-the-operating-system dept.

Los Angeles' Presbyterian Medical Center, the target of a successful ransomware attack (successful from the thieves' point of view, that is) has buckled under: to regain control of its network, the hospital has paid a 40-bitcoin ransom (about $17,000) to the gang responsible. That, at least, is a far cry from the much higher ransom widely reported to have been initially demanded: 9,000 bitcoin. (That would have meant a payment of $3.6-3.9 million.)

6 of 159 comments (clear)

  1. Preeeecious by Tablizer · · Score: 4, Insightful

    They fed the trolls.

    --
    Table-ized A.I.
  2. Re:Now What? by aaarrrgggh · · Score: 3, Insightful

    Unfortunately, that is only $8k per bed, or likely around $800/employee. Hell, it is really only two FTEs for the next 5 years...

    A grossly flawed system is much more expensive to fix than that. Maybe they could afford a backup system that is resistant to bitlocker though...

  3. Re:At that price... by Jeremi · · Score: 5, Insightful

    Of course, this does assume that the ransomers won't come back and ask for more money next week.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  4. Re:At that price... by arbiter1 · · Score: 4, Insightful

    Or that the theives didn't already download a ton of patient data off their machines which since they accepted such low amount from what they wanted sounds like they got enough info to make a ton of $ off identity theft.

  5. Re:At that price... by Harlequin80 · · Score: 3, Insightful

    Short sighted from an industry view, probably not from the hospitals view. You would hope they have air gapped their network from the internet at this stage while they reappraise their security and plug holes. From my understanding the ransomware attackers don't normally attack the same target twice as you are less likely to pay up if you think it will happen again. So this should protect them from the current infection.

    It also wouldn't surprise me if patient records were untouched. Those are probably behind higher levels of security than the rest of the network. What I suspect happened is they lost a way of accessing them because all their other systems went down.

  6. The solution to ransomware... by davidwr · · Score: 3, Insightful

    ... is for someone to figure out an efficient way of tracing the full transaction history of any given "coin." Yes, I know that "in theory" it's do-able but it's just plain not feasible right now.

    Yes, I know BC "coins" as such don't have a history, but transactions do. If a coin is the "output" of a transaction then its "parent coins" are all the coins that went into the transaction, in proportion to each other. Yes, you can "launder money" but all that does is "spread the dirt around" resulting in "slightly dirty" BC that are considered only as fractionally valuable as their "clean" fraction.

    For example, if a ransomware victim, in cooperation with the police, pays 40BC to crooks, the crooks will of course launder the money immediately, probably several times over. As soon as the keys are recovered and there is no more danger of the crooks "getting revenge," the police issue a notice that all BC whose "transaction history" included this transaction are "tainted by the dirty transaction."

    At this point, reputable companies who trust that particular police authority will only accept "tainted money" based on the "clean" portion of its value. Those who happen to be stuck with the "dirty money" are pretty much out of luck, in much the same way that I am out of luck if a store clerk accepts a very good counterfeit $5 bill from a crook then later innocently hands it to me in change later that day.

    Yes, this setup has many flaws, but it's better than the status quo. Some obvious flaws include:
    * it's currently not feasible
    * there are many police authorities, and people trust them to different degrees, so the BC in your wallet may have a different value depending on who you want to do business with.
    * Whoever has coins "descended" from tainted coins at the time they are announced as tainted will be stuck with the loss
    * There is no built-in appeal for a police authority declaring a particular transaction "illegal" and declaring the coins received in that transaction "tainted". The only deterrent is that if a given police authority gets too sloppy or too abusive, fewer and fewer people will honor its declarations.
    * There are no doubt other flaws, this is just the ones that came to mind immediately.

    Of course, the real solution to ransomware is backups, backups, backups, but we all know that's not going to happen any time soon. Sigh.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.