Clinic Pays Ransom After Backups Encrypted in Attack
A small Missouri clinic admits paying a ransom to unlock data after a ransomware attack in August encrypted patient data on a file server, as well as backups. … some healthcare entities can’t afford long disruptions to patient care, so they choose to pay the ransom in hopes of a quick recovery of data. “How long it takes to recover a backup depends on two key things: how much data has to be restored and the source of the restore,” says Keith Fricke, partner and principal consultant at tw-Security.
“Ransomware that encrypts thousands or tens of thousands of files on network file shares can take 12 to 16 hours or more to recover. If the restore is from tape backup, that takes longer than restoring from a replicated disk-to-disk backup.” Still, it may take just as long to recover encrypted data by purchasing the decryption key because the ransom has to be paid by digital currency such as bitcoin, Fricke notes. “If the organization is not set up for bitcoin transactions that can take several days to get in place,” he says. In some cases,….