An extreme ransomware attack on N.E.O Urology, based in Boardman, OH, impacted all of its IT systems. The ransomware encrypted files extensively and prevented the healthcare provider from accessing its computers and patient files.
The attackers sent a notification via fax to N.E.O Urology demanding a ransom payment of $75,000 in exchange for the encryption keys. After consulting with its IT service provider and weighing the options and risks, the healthcare provider decided to pay the ransom.
The IT service provider contacted the attackers via a third party, paid the ransom and obtained the decryption keys. Even with the keys in hand, the medical practice still took three days to recover its computer systems because of the severity of the attack and the extent of the encryption. The preliminary investigation revealed that the attackers were from Russia.
The urology practice took a great risk in paying the ransom. In some cases where a ransom is paid, the attackers are unable to unlock the files or choose not to undo the encryption. The FBI’s recommendation is not to pay any ransom, as payment only encourages more attacks. Nevertheless, if there’s no other means to recover the data, there’s no choice but to pay the ransom. N.E.O Urology advised the police department that it was losing $30,000 to $50,000 each day because it had no computer access.
Ransomware attacks diminished considerably in 2018; however, in Q1 of 2019, attacks increased by 195%, according to Malwarebytes. Over 70% of the attacks involved small businesses. Attackers like to target healthcare organizations more than other industries because of their need for continuous access to databases and patient files.
Being unable to recover files from backups while also refusing to pay a ransom could have serious outcomes. Early in 2019, a ransomware attack on Brookside ENT and Hearing Center resulted in the encryption of patient records. The attackers deleted all encrypted files because the practice refused to pay the ransom. The owners chose to retire early and close the practice instead of having to rebuild it from scratch.
To be sure you do not become a victim of cybercriminals, it is important to have an effective backup strategy. Create multiple backup copies, keep one copy off-site in a protected location without network access, and test your backups to confirm that files can actually be recovered in case of an attack.