The Kansas Heart Hospital in Wichita found itself victimized by ransomware recently. Though the actual dollar amount wasn’t revealed, a hospital spokesperson said the ransomers’ demands were fairly modest. They decided to hand over the money, thinking they were going to get back all their data and be left in peace.
That didn’t happen, however. The criminals had a change of heart, and not the kind where they realized they felt bad about what they’d done and graciously handed over the encryption keys. These ransomers figured that since the hospital had paid once to get some of its data back, they could hang on to some of the data and demand more money.
The hospital didn’t fork over any more money, but this is exactly why security experts and law enforcement agencies tell people not to give in to ransomware. There’s a very good chance that placing your trust in a criminal is going to backfire. Of course, it’s sometimes easier to talk the talk than it is to walk the walk: we’ve read about a few police departments around the U.S. that felt like they had no other option and ended up paying to decrypt their files.
Interestingly, a Kansas Heart Hospital official told local reporters that they “were aware of the ransomware threat and had a plan in place to deal with it” — they had to, given the fact that nearly half of hospitals in the U.S. have been targeted at least once. Being aware and having a plan obviously wasn’t enough.