One day early this year, employees at a hospital in Hollywood found their computers completely unusable. The hospital’s system had been taken over by malware, forcing doctors and nurses to resort to pen and paper to register new patients and keep records. The cyberattack came with a digital ransom note: Pay $17,000 in Bitcoins, an unidentified hacker demanded, or consider the data gone forever.
After a little more than a week, the hospital paid up. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” the hospital’s CEO said at the time. “In the best interest of restoring normal operations, we did this.”
The hospital’s price tag may seem high, but paying thousands to unlock ransomed data is actually quite common.
Last week, IBM released the results of a survey that looked at people’s attitudes toward ransomware. Among 600 U.S. business executives, nearly half said they’d experienced attacks. And fully 70 percent of those who’d been attacked said they paid to get their data back.
Compared to the ransoms those companies paid, the Hollywood hospital’s payment wasn’t remarkable: 45 percent of companies that paid ransoms coughed up more than $20,000 to get their files back, and 20 percent paid hackers more than $40,000.