Held by ransomware: Should you really pay criminals to get your data back?

By Tom Sullivan for Healthcare IT News

Ransomware attacks and tools are on the rise and perhaps more so than has been widely understood thus far.

The gist: Hackers crack into a network via malicious URLs or malware, find data they can encrypt with relatively low-cost tools, and then demand either money or Bitcoins to return it.

“I see ransomware a lot,” explained Johns Hopkins Chief Information Security Officer Darren Lacey. “A few times a month.”

Penn Medicine associate CIO John Donohue has also been seeing an uptick in ransomware attacks, he said Monday at the Healthcare IT News Privacy and Security Forum in Boston.

For Johns Hopkins, Penn and other healthcare organizations that have had their data hijacked by criminals demanding money or Bitcoins to return it, the pressing question: Is it better to succumb to such demands or not?

“There’s a huge debate about whether to pay the ransom or not,” said Denise Anderson, executive director of the National Health Information Sharing and Analysis Center, or NH-ISAC, a nonprofit dedicated to protecting the health sector from physical and cyber attacks.

To be clear, most ransomware attempts are weak or ineffective. Whereas Anderson said she knows of small municipalities that have been forced to pay, for the most part she’s not seeing the attacks so successful that victims basically have no choice.

Donohue explained that the decision all depends on what data the attackers are holding. If criminals have locked some of Penn’s information hostage, Donohue continued, but Penn still has a backup of those particular data sets, there’s no reason to pay.

Data that is really gone is another story altogether and in some cases paying criminals might actually be the only option – though to be realistic those appear to be few and far between to date.

Lacey said he would pay if the situation called for it but thus far, instead, he has been able to rebuild from back-ups.

What healthcare providers have in their favor, at least for now, is the fact that attackers typically use relatively simple low-cost tools. Anderson rattled off a list of popular ones: Cryptolocker, Cryptowall, Cryptodefense, Torentlocker and Darkleach.

“They’re not using sophisticated tools to get into the systems and lock them up,” Anderson said. “It’s on us to establish safe policies and procedures.”

Clarke explained that while “ransomware is on the rise,” potentially worse attacks wherein criminals erase the data entirely are not yet common, but as hospitals tackle ransomware issues it would be wise to consider wiper attacks as well.

Are you seeing ransomware or do you already have the threat under control?

Share Article: