Held by ransomware: Should you really pay criminals to get your data back?

'There’s a huge debate about whether to pay the ransom or not'
By Tom Sullivan
09:28 AM
Share
Pile of money

Ransomware attacks and tools are on the rise and perhaps more so than has been widely understood thus far.

The gist: Hackers crack into a network via malicious URLs or malware, find data they can encrypt with relatively low-cost tools, and then demand either money or Bitcoins to return it.

"I see ransomware a lot," explained Johns Hopkins Chief Information Security Officer Darren Lacey. "A few times a month." 

Penn Medicine associate CIO John Donohue has also been seeing an uptick in ransomware attacks, he said Monday at the Healthcare IT News Privacy and Security Forum in Boston.

For Johns Hopkins, Penn and other healthcare organizations that have had their data hijacked by criminals demanding money or Bitcoins to return it, the pressing question: Is it better to succumb to such demands or not? 

"There's a huge debate about whether to pay the ransom on  not," said Denise Anderson, executive director of the National Health Information Sharing and Analysis Center, or NH-ISAC, a non-profit dedicated to protecting the health sector from physical and cyber attacks.  

[See also: Live updates from the Privacy and Security Forum in Boston.]

To be clear, most ransomware attempts are weak or ineffective. Whereas Anderson said she knows of small municipalities that have been forced to pay, for the most part she's not seeing the attacks so successful that victims basically have no choice. 

Donohue explained that the decision all depends on what data the attackers are holding. If criminals have locked some of Penn's information hostage, Donohue continued, but Penn still has a backup of those particular data sets, there's no reason to pay.

Data that is really gone is another story altogether and in some cases paying criminals might actually be the only option – though to be realistic those appear to be few and far between to date. 

Lacey said he would pay if the situation called for it but thus far, instead, he has been able to rebuild from back-ups. 

What healthcare providers have in their favor, at least for now, is the fact that attackers typically use relatively simple low-cost tools. Anderson rattled off a list of popular ones: Cryptolocker, Cryptowall, Cryptodefense, Torentlocker and Darkleach. 

"They're not using sophisticated tools to get into the systems and lock them up," Anderson said. "It's on us to establish safe policies and procedures." 

Clarke explained that while "ransomware is on the rise," potentially worse attacks wherein criminals erase the data entirely are not yet common, but as hospitals tackle ransomware issues it would be wise to consider wiper attacks as well.

Are you seeing ransomware or do you already have the threat under control? 

Related articles:

CISOs: Healthcare's new rock stars

7 cyberthreats worse than PHI breaches 

Cyber security market set to grow big time