Hollywood Presbyterian Medical Center has been recently forced to pay $17,000 worth of bitcoins to the hackers. The hospital noticed the loss of access to its computer systems on February 5. The further investigation showed that the hackers had installed a virus that encrypted the computer files.
The F.B.I. was investigating the attack, often called “ransomware,” in which hackers encrypt a computer network’s data to hold it hostage, providing a digital decryption key to unlock it for a price.
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom,” said Allen Stefanek, president and chief executive of Hollywood Presbyterian Medical Center. “In the best interest of restoring normal operations, we did this.”
As a result the hospital lost 40 bitcoins, equivalent to around $17,000, to gain access. Good news is that patient care was not affected by the hacking. Bad news – neither law enforcement officials nor the hospital didn’t provide any information about any suspects or someone who might have been behind the attack.
Unfortunately it is not the first example of hackers demanding ransom in bitcoin. In the beginning of December 2015 three Greek banks were threatened by bitcoin hackers. A group calling itself the Armada Collective started with several attacks and demanded a ransom in bitcoin. During the next several days Greek police informed about two more attacks. Criminals promised to fully collapse the banks’ websites if the ransom of 20,000 bitcoin (€7m) from each bank was not paid.
Hackers managed to flood the banks’ websites with multiple requests and as a result the system crashed. It’s necessary to underline that customer personal information remained protected during the attacks. However electronic transactions got disrupted for some time. According to the police, the following attacks didn’t succeed: “As no bank reacted to this first extortion, the same hackers tried again at the weekend and today. But we had strengthened our defense in the meantime, so no disruptions took place.”
By the time of these attacks against Greek banks the Armada Collective had already been known for having attacked vulnerable businesses. The group targeted victims in Switzerland and Thailand as well as several email providers. ProtonMail, HushMail, VFEMail and RunBox were among the recent victims.
Paul Vlissidis, technical director at cyber security group NCC, says that the group claims to be able to do significant damage. At the same time they used to demand quite small ransom – in most cases equivalent of only a few thousand pounds – which is “a level where there’s a temptation just to pay it and make it go away”. However Mr. Vlissidis admits that the fact of these last Greek attacks being Armada’s doing hasn’t been confirmed so far. There is a suggestion that someone can simply imitate the group by using “a similar modus operandi”.