L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network

Los Angeles' Presbyterian Medical Center, the target of a successful ransomware attack (successful from the thieves' point of view, that is) has buckled under: to regain control of its network, the hospital has paid a 40-bitcoin ransom (about $17,000) to the gang responsible. That, at least, is a far cry from the much higher ransom widely reported to have been initially demanded: 9,000 bitcoin. (That would have meant a payment of $3.6-3.9 million.)

Re:Backups?

[Solandri]

A friend of mine runs a multi-million dollar construction supply company and her work computer got hit with a ransomware virus. As she is manager/accountant, it was pretty serious. Fortunately she had a competent IT staff which regularly backed up her system . So they just pulled her computer offline (so it couldn't spread to other systems), and restored everything to a new computer (this is why companies like to buy a bunch of identical Dell systems). And she was back in business the next day.

Except for one file which she had been working on the day the ransomware hit, and thus hadn't been backed up. As it turned out, the ransomware authors had programmed it to allow the victim to decrypt one file - to prove that it could in fact be decrypted, and hadn't just been deleted. So she of course chose that file to decrypt, and ended up with no data loss. The only loss was she couldn't work for a day.

That's why you never hear stories of competent IT saving the day. When they do, it's a non-event about as serious as someone calling in sick for a day. It's only when they fail that the problem becomes serious enough to be news-worthy.