Published: March 14, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Karma may be the only revenge against the hacking group that victimized 110 nursing homes across the country with a ransomware attack. Virtual Care Provider Inc., (VCPI) announced they were hacked with Ryuk ransomware that encrypted all nursing home data files, including the health records of every resident in the affected facilities. The Wisconsin based company is responsible for all data management for the 110 nursing homes, including medical records, email, internet, phones, billing, payroll, and more. The attackers demand $14 million in Bitcoin to restore the encrypted files. VCPI confirms the entirety of its data is encrypted by the attack, estimating 80,000 computers and servers used to run facilities in 45 states remained frozen until the ransom was paid.
While the investigation into the Ryuk attack is ongoing, security experts found the initial hack may go back to September of 2018. Ryuk typically gets access to computers with an email phishing campaign using Trickbot malware. Once Trickbot is installed, Ryuk goes to work. Before they strike the target, the hackers calculate how much ransom the victims can afford to fork over to get their encrypted data back. However, in the case of VCPI, the calculations were terribly inaccurate and overrated. The company says they are unable to pay the $14 million Bitcoin ransom to restore the heisted data. Ransomware victims struggle with the decision to pay a ransom or not, with the FBI claiming that paying a ransom demand only encourages more attacks. Plus, there’s no guarantee that unscrupulous attackers will ultimately hand over the key that’s necessary to decrypt the ransomed data.
According to the FBI, ransomware attacks using Ryuk are becoming more prolific. They estimate more than 100 U.S. and international businesses were targeted by the malware since August 2018. The simple strategy behind ransomware is: The more critical the data, the more likely the ransom demand will be paid–and quickly. Bad actors prey on healthcare organizations because lives literally depend on access to vital data. That's why it's so important to keep accurate and functioning backups of all such vitals.
VCPI says since all medical records are now held hostage, residents are even having trouble getting their medications filled. Should residences close in a situation such as this, it’s unknown what will happen to the residents who have nowhere else to go. Since cybercriminals are difficult to identify and rarely undergo prosecution, karma may end up being the only justice they face.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org