WatchPoint Security Blog

The $3.6 Million Dollar Ransom – Learn from the Mistakes of Others

Written by Nathan Studebaker | February 19, 2016


The Verge recently published an article announcing that a Los Angeles hospital was the victim of a data breach involving ransomware. In most cases, a ransomware hacker charges several hundred dollars, and in some cases a few thousand dollars, to release the data. In this case, the ransom is $3.6 million, which is unprecedented. Such a large price tag raises the question: why are they asking so much?

Well, it’s certainly no coincidence. The hostage takers know exactly how much data they’ve compromised, they know exactly who their victim is, and they know that $3.6 million is an amount their victim could afford to pay.  

The Negotiation

The hospital ended up paying $17,000 in bitcoin to the hackers. Certainly not the $3.6 million they had asked for, but nonetheless a very successful enterprise for these cyber criminals.


What can we learn from this?

First of all, this is a classic example of a hack; there is nothing new here. Secondly, social engineering works very well, which is why it’s still being used: 

Compromise happens within minutes, not days or weeks. In the cyber security realm, we have something called the golden hour. If you are not able to Observe, Orient, Decide, and Act on a threat within the first hour, you are done before you even begin.

Practical Advice

Somewhere, somebody is probably saying to this hospital’s CSO, “See, I told ya so…” but hindsight is always 20/20. Going forward, what can this hospital do, and what can your business do, to better protect yourselves? Great question – I’m glad you asked! Here are a few things you should absolutely be doing if you want to avoid a situation like this. This is by no means a comprehensive list, but it’s something actionable and a great place to start.

Step 1: Education. All of your employees should be receiving annual cyber security training. The training should show the audience an example of a spear-phishing attack so they can see just how easy it is to forge an email. It’s a common attack with a high success rate, which is why it’s very important to be educated on it.

Step 2: Defense-in-Depth strategies should be implemented in your organization. Defense-in-Depth involves overlapping layers of prevention and security. The size of your organization doesn’t matter; any company can do this. How far you develop each layer depends on your budget and your risk. Inherent risk is always present, but you adopt modern defense strategies in order to drastically reduce your risk. Failing to adopt and implement these strategies is most likely what happened to this hospital. 

Step 3: Have a disaster recovery plan. The fact that the hospital had to pay the ransom is a clear indication that they didn't have good backups. Periodically test your backups, too, to make sure the data is recoverable.

Step 4: Endpoint Security. Hackers paratroop onto your endpoints through spear-phishing and other social engineering attacks. Doing so gives them an advanced position behind your perimeter defenses. Since you cannot stop what you cannot see, you need to properly arm your endpoints.

 


CONCLUSION:

Software like Carbon Black is an example of an endpoint protection product that is capable of stopping today’s threats. WatchPoint’s Comprehensive Cyber Security solution harnesses the power of Carbon Black by combining advanced endpoint protection with expert security analysts and incident responders.