Losing important work documents or albums with photographs of your family because you have unsuspectingly clicked on a malicious e-mail attachment can be very damaging and stressful. Now imagine that you have lost not only your data but also the very sensitive data of thousands of other people.
This is a threat that hospitals around the world are facing each day, with some of them ultimately falling victim.
Cybercriminals employing ransomware as part of their hacking campaigns are extorting users, demanding a hefty ransom in the form of cryptocurrency. They promise to give you a decryption key to recover your data, but you can never be certain whether the criminal will keep this promise. While some user may get lucky, others will not only lose their data but also their money.
Experts usually recommend not paying the ransom, as this also encourages the hackers to continue targeting more potential victims. The decryption keys for some ransomware variants are later made public, for example, thanks to authorities and their investigation. So even if you don’t pay the ransom, your chances of getting the data back are not completely over.
But in the case of hospitals or businesses, making the right decision can be much more difficult. Especially when the ransom is much higher and on top of that, the hackers are trying to improve their odds by other malicious activities.
Some hackers are threatening the hospitals with swatting, as The Register reports. A specific example is Seattle’s Fred Hutchinson Cancer Center which was hacked in November. The hospital confirmed for The Register that it “was aware of cyber criminals issuing swatting threats”, and that FBI and local police started an investigation.
Swatting is the tactic of contacting police with a false report, ultimately triggering a SWAT team to come to the targeted location, for example, the house of an innocent victim.
In a different case at Oklahoma’s Integris Health, the patients were targeted and threatened with having their data sold on the dark web.
These are just some of the extreme tactics used by hackers to monetize their illegal efforts. Many others are being actively used – for example, targeting the relatives of people being extorted – and many others will surely come.