Slashdot Mirror

← Back to Stories (view on slashdot.org)

L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com)

Posted by timothy on from the let-me-guess-the-operating-system dept.

Los Angeles' Presbyterian Medical Center, the target of a successful ransomware attack (successful from the thieves' point of view, that is) has buckled under: to regain control of its network, the hospital has paid a 40-bitcoin ransom (about $17,000) to the gang responsible. That, at least, is a far cry from the much higher ransom widely reported to have been initially demanded: 9,000 bitcoin. (That would have meant a payment of $3.6-3.9 million.)

11 of 159 comments (clear)

  1. Preeeecious by Tablizer · · Score: 4, Insightful

    They fed the trolls.

    --
    Table-ized A.I.
  2. How much is that in commodity medical supplies? by xxxJonBoyxxx · · Score: 5, Informative

    >> the hospital has paid a 40-bitcoin ransom (about $17,000)

    That's about 340 tablets of hospital aspirin or 680 hospital bandaids for those counting at home.

    1. Re:How much is that in commodity medical supplies? by Rinikusu · · Score: 5, Funny

      17 of those Shkreli specials.

      --
      If you were me, you'd be good lookin'. - six string samurai
  3. So, will they ever spend these bitcoin? by JoeMerchant · · Score: 4, Interesting

    And, can the FBI monitor the blockchain to get IP addresses where these coins were accessed from when the hospital handed them over?

    1. Re:So, will they ever spend these bitcoin? by Time_Ngler · · Score: 4, Funny

      Only if they can get the courts to force a silicon valley company to do it for them

  4. Backups? by Anonymous Coward · · Score: 5, Informative

    Good god, doesn't anyone keep backups anymore?

    1. Re:Backups? by Solandri · · Score: 5, Interesting

      A friend of mine runs a multi-million dollar construction supply company and her work computer got hit with a ransomware virus. As she is manager/accountant, it was pretty serious. Fortunately she had a competent IT staff which regularly backed up her system . So they just pulled her computer offline (so it couldn't spread to other systems), and restored everything to a new computer (this is why companies like to buy a bunch of identical Dell systems). And she was back in business the next day.

      Except for one file which she had been working on the day the ransomware hit, and thus hadn't been backed up. As it turned out, the ransomware authors had programmed it to allow the victim to decrypt one file - to prove that it could in fact be decrypted, and hadn't just been deleted. So she of course chose that file to decrypt, and ended up with no data loss. The only loss was she couldn't work for a day.

      That's why you never hear stories of competent IT saving the day. When they do, it's a non-event about as serious as someone calling in sick for a day. It's only when they fail that the problem becomes serious enough to be news-worthy.

  5. Re:Now What? by Shadow99_1 · · Score: 5, Informative

    lol, I've seen some major hospitals that have 2 entire IT people on staff (an admin and an assistant)... I applied for a network admin position at a hospital with 2 IT employees (though I didn't know that until the interview) for 400 employees and well over 300 connected systems (from tablets doctor's used, to connected hardware, routers, and servers of various types, as well as dedicated workstations for nurses). They also used highly specialized systems that were extremely complex. Oh and did I mention satellite officers for doctor's that are part of their network, but not onsite? Yeah... Huge mess there.

    Because obviously all this tech in a modern hospital can just work on it's own. No one ever wants to keep enough IT staff on hand to deal with regular maintenance because that would take away from executive bonuses. Hospitals are not any different, even as they are required to push further into the digital realm. This is the direct result. Oh and they don't even usually pay that well. Heck I think half the interviews I've had with companies lately are just to 'prove' a native worker wasn't 'qualified' to do the job even though my resume is solid. Good luck to the sucker form India getting those jobs.

    --
    we are all invisible unless we choose otherwise
  6. Re:At that price... by Jeremi · · Score: 5, Insightful

    Of course, this does assume that the ransomers won't come back and ask for more money next week.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  7. Re:At that price... by MtHuurne · · Score: 5, Informative

    It's a short-sighted solution though. Their systems are still vulnerable, probably even still infected. And they validated the business model of the attackers, so more attacks will be coming.

    Also, while the CEO insists that hospital records were not compromised, I'm reading that as "the attackers weren't interested in hospital records", not "the hospital records were safe".

  8. Re:At that price... by arbiter1 · · Score: 4, Insightful

    Or that the theives didn't already download a ton of patient data off their machines which since they accepted such low amount from what they wanted sounds like they got enough info to make a ton of $ off identity theft.