N.E.O Urology paid $75,000 ransom amount to regain access of the computer systems

N.E.O Urology based in Boardman, Ohio, has experienced a massive ransomware attack, which has impacted their entire IT system. Due to this ransomware attack, widespread file encryption has occurred and the healthcare provider was locked out from its computers as well as patient records.

While this attack was sophisticated, its notification was not. A fax was sent to N.E.O Urology from the attackers, according to which they demanded $75,000 ransom amount to be paid for keys to unlock encryption.

The Urology practice has contacted its IT (Information Technology) service provider and then after assessing the options as well as risks, the final decision to pay ransom to the attackers was taken. N.E.O Urology's IT service provider contacted the attackers via a third-party, and then the ransom amount was paid in bitcoin to obtain keys for unlocking the encryption.

Even after having the decryption keys, the medical practice has taken 3 days to restore their computer systems because of the extent of the file encryption. The attackers were Russian-based suggested the breach investigation evidence that were revealed.

The Federal Bureau of Investigation always advice not to pay ransom, as ransom payment comes with risk. Even after receiving the ransom, the attackers might not able to unlock the files or may even choose not to do it. So, paying ransom is always risky and encourages more attacks.

But, in cases where the data could not be recovered by any other means, there might be little choice and so a ransom may require to be paid. The police department was informed by N.E.O Urology that the medical practice was having losses in between $30,000 to $50,000 per day because they are not able to use their computer system.

Although the ransomware attacks declined in 2018, but there was a substantial increase in ransomware attacks in the 1st Quarter of 2019. According to Malwarebytes, there is 195% increase in ransomware attacks in 2019, and over 70% of the attacks were on the small businesses. The healthcare organizations were an attractive target because of their requirement to have continuous access to the patient records and databases.

» SPAMfighter News - 7/5/2019