Ransomware Line Crossed: Hackers No Longer Decrypting after Payment

June 6, 2016 Arctic Wolf Networks

Ransomware. It’s the bane of the IT world, so much so that it’s ended up on the FBI’s radar. Also called encryption malware, ransomware extorts its victims by encrypting files and then demanding a ransom before freeing the data. In recent months, no sector has been hit harder than health care. If there was one iota of comfort about ransomware, it was that hackers seemed to be playing by their own rules.

On May 23, that single iota of comfort met a swift end.

Kansas Heart Hospital: The game changer

Upon being infected with ransomware, Kansas Heart Hospital in Wichita was backed into a corner. It could either pay an as-yet undisclosed sum of money, or it could accept that it would never see certain files again. Under the assumption that the hackers would acquiesce – as they did a few months ago when a Hollywood hospital met cyberattackers’ demands – the hospital paid the requested ransom. It’s always risky giving in to hackers’ demands, and this time, that risk quite literally did not pay off.

Brazenly, the cyberattackers did not decrypt all the files, and they came back at the hospital with a second ransom demand. This isn’t the first time hackers have stiffed a victim. Last year, an email encryption service called ProtonMail was hit by a distributed denial-of-service attack and paid the requested $6,000, only to continue to be barraged by the DDoS attackers. However, it is the first high-profile case of ransomware in recent memory, if ever, in which hackers hiked up their demands.

In 2015, the FBI actually recommended that in the event of ransomware, it’s in a company’s best interest to pay up, according to Business Insider. As far as honesty among thieves goes, hackers making good on their word sort of makes sense from a business perspective. Organizations are more likely to pay a ransom if they believe that they will in fact get their files back – which Kansas Heart obviously did not.

In this way, the event sets a precedent: There’s no guarantee that hackers won’t ask for more money. This is terrifying because it raises the stakes of ransomware. At the same time, it may be the grain of rice that tips the scales. If organizations feel that paying hackers is no longer a viable option, they might actually invest in measures that can prevent and mitigate the damage of ransomware. The million-dollar question is, is there a solution that can do that?

Managed detection and response services stop ransomware

The answer is yes, and the name of the solution is managed detection and response (MDR) services. Their purpose, like that of SIEM, is to monitor corporate networks for signs of known and unknown threats, and, as in a security operations center, a team of security engineers mans the helm.

MDR services help fight ransomware by detecting early signs of it, like flagging email messages with attachments that are received in multiple employees’ inboxes at 2:30 a.m., and are sent from a foreign country. Or maybe, an unknown program has just been executed on a specific machine. In either scenario, MDR would detect and prevent the incident from doing damage so that no ransom would have to be paid.
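
The email heuristic described above, written out as a correlation rule over mail-gateway records. This is an added example, not Arctic Wolf's code or product logic; the record fields, the quiet-hours window, the recipient threshold and the home-country set are assumptions, and the log records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed mail-gateway records (not real data): local delivery time,
# recipient, sender country ("ZZ" is a placeholder code), attachment id.
SAMPLE_LOG = [
    ("2016-06-01T02:29:51", "alice@example.org", "ZZ", "att-1111"),
    ("2016-06-01T02:30:02", "bob@example.org",   "ZZ", "att-1111"),
    ("2016-06-01T02:30:07", "carol@example.org", "ZZ", "att-1111"),
    ("2016-06-01T10:15:00", "alice@example.org", "US", "att-2222"),
    ("2016-06-01T10:16:00", "bob@example.org",   "US", "att-2222"),
    ("2016-06-01T10:17:00", "carol@example.org", "US", "att-2222"),
    ("2016-06-01T03:05:00", "dave@example.org",  "ZZ", "att-3333"),
]

def flag_campaigns(records, home_countries=frozenset({"US"}),
                   min_recipients=3, quiet_hours=range(0, 6)):
    """Alert on attachments that reach several inboxes off-hours from abroad."""
    by_attachment = defaultdict(list)
    for ts, rcpt, country, attachment in records:
        by_attachment[attachment].append(
            (datetime.fromisoformat(ts), rcpt, country))

    alerts = []
    for attachment, hits in sorted(by_attachment.items()):
        # Keep deliveries that are both off-hours and from outside the home set.
        odd = [(t, r, c) for t, r, c in hits
               if t.hour in quiet_hours and c not in home_countries]
        recipients = sorted({r for _, r, _ in odd})
        # One odd message is noise; the same file in many inboxes is a campaign.
        if len(recipients) >= min_recipients:
            alerts.append({
                "attachment": attachment,
                "recipients": recipients,
                "first_seen": min(t for t, _, _ in odd).isoformat(),
                "countries": sorted({c for _, _, c in odd}),
            })
    return alerts

if __name__ == "__main__":
    for alert in flag_campaigns(SAMPLE_LOG):
        print(alert)
```

The daytime mailing to the same three recipients and the single off-hours message do not alert; only the attachment that meets all three conditions does.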

There’s hope yet for hospital networks.
