When an unfortunate PC user at home becomes a ransomware victim, the bad guys might demand a couple hundred dollars. When they ensnare an entire hospital, it gets a whole lot more expensive.
The cybercriminals who encrypted the Hollywood Presbyterian Medical Center’s data are demanding a whopping 9,000 BTC (about $3.6 million right now) for its safe return. Hospital systems have been forced offline for more than a week, and staff are limited to using old paper forms and fax machines to transmit patient information.
The LAPD and FBI are coordinating efforts to discover who’s responsible for the attack, but there are no guarantees. Even if they find out who’s behind the attack, hospital data could already be lost forever. Not every criminal coder who’s thrown together ransomware knows how to implement encryption and decryption, and researchers have already seen at least one strain that accidentally locked files up and threw away the key.
What will HPMC decide to do? Will they pay up to (hopefully) get their data back? Official advice from law enforcement has always been not to give in to extortionist tactics. That said, there’s been more than one police department in the U.S. that decided not to