Pay a ransom, get your data back

Hollywood_Presbyterian_Medical_Center_2015-05-10.jpg
Hollywood Presbyterian Medical Center — the latest to fall victim to these attacks.  Nova Safo
Hollywood_Presbyterian_Medical_Center_2015-05-10.jpg
Hollywood Presbyterian Medical Center — the latest to fall victim to these attacks.  Nova Safo

Pay a ransom, get your data back

WBEZ brings you fact-based news and information. Sign up for our newsletters to stay up to date on the stories that matter.

A Los Angeles hospital has become the latest high-profile victim of a ransomware attack.

Hollywood Presbyterian Medical Center announced that it had paid $17,000 to hackers to regain control of its computer system. The hospital had been operating without it for 10 days.

Ransomware is a particularly pernicious hack. It is a type of hacker attack known as malware and can infect computers randomly through a visited website or directly target a person or organization through a well-crafted email. Hackers might have carefully researched social media accounts and relationships to ensure an email message — and an attached file — is opened.

Once ransomware enters a computer or computer system, it can either lock out users or encrypt files to make them unreadable without a digital key.

“Ransomware is basically an encryption program,” said Bruce Schneier, a cybersecurity expert at Harvard’s Berkman Center. “It breaks into your computer. It encrypts your files. And then it doesn’t let you at them.”

Because hackers are employing modern, highly sophisticated encryption, which ironically was designed to protect data, fighting a ransomware attack can be virtually impossible.

Hackers have also become increasingly sophisticated in hiding their identities. The L.A. hospital had to pay hackers in bitcoins, which are harder to trace.

That leaves many victims of ransomware in the same predicament: either to accept the loss of the data on their affected computers or to pay the hackers for the key to decrypt their files and restore access.

Cybersecurity experts say over the last several years, ransomware hackers have become increasingly sophisticated in using psychology and other methods to encourage victims to pay. For example, they design their ransom to be more palatable than the alternative.

“You want to ask for a number low enough that the victim will pay, and high enough to be profitable,” Schneier said.

According to security firm Symantec, the average ransom was $300 and about 3 percent of victims paid. But because most pay quietly, Adam Kujawa, head of malware intelligence at the cybersecurity firm Malwarebytes, believes the number is a lot higher. Kujawa’s firm provides security software to help detect malware attacks, including ransomware.

Kujawa said one of the reasons victims of malware choose not to disclose themselves is the sophisticated psychological techniques hackers employ. For example, they may falsely accuse victims of downloading child pornography on a locked-screen message that appears on a computer’s display until a ransom is paid, Kujawa said.

The best recourse, according to cybersecurity experts, is to back up data. In the event of a ransomware attack, companies and individuals could then simply reformat their computers (scrubbing them clean) and reinstall data from backups.

“What we’ve always told people in the security community is do not pay the ransom. Never ever pay the ransom,” Kujawa said. “But unfortunately some of these companies, and some of these users, have not employed backups. They have no way of getting the information back, other than just paying.”

It’s also important to update computer software, so that they are not susceptible to the latest known malware.

“People are not always as careful about protecting their machines as they could be … or they don’t run up-to-date antivirus,” said Michael O’Reirdan, chairman emeritus of the Messaging, Malware and Mobile Anti-Abuse Working Group.

O’Reirdan said there are a lot of guesses as to how big the ransonmware problem has gotten, but because many companies and individuals don’t report the attack, accurate statistics do not exist. Still, Symantec said it detected almost 9 million ransomware attacks in 2014, which was more than twice as many as the year before.