Hollywood Presbyterian Medical Center
'We pwned Hollywood hospital': Turkish hackers claim to be behind hospital ransomware attack but security experts have their doubts. Wikipedia Commons

When a Hospital in Los Angeles was held to ransom by a cyberattack that locked down its vital computer systems unless over $3m (£2.1m, €2.7m) was paid, it shocked the world of cyber security by paying up. Now a group from Turkey claiming to be responsible for the hack is taunting the decision calling Americans "feeble" and "weak-willed".

The Hollywood Presbyterian Medical Centre made headlines after hackers infected its systems with malware, taking out its critical network of x-ray scans, lab results and patient data for five days. Those behind the cyber extortion demanded $3.4m to unlock the system and to the surprise of many the hospital ended up actually paying, albeit $17,000 in bitcoin. It was a quick solution but ultimately an unwise move in the war against cyberterrorists.

Until now nobody has claimed responsibility for the attack but a recent post to Pastebin claims Turkish hackers were behind the hack. "We pwned [meaning humiliated] Hollywood hospital" the post was titled, and contained only three lines of text mocking the US and declaring Turkey as a cyber power that is being supported by the US government by giving into ransomware attacks.

What is ransomware?

Ransomware is a form of virus used by cybercriminals to extort money from internet users by 'locking' sensitive or personal data which they will then unlock for a fee – usually demanded in the form of the cryptocurrency bitcoin.

"So thanks to feebleness of weak-willed Americans we became richer and earned $17k! If you read this message you must understand that Turkey is the great cyber-power whose might you have witnessed! If Washington keeps on supporting Kurdish terrorists Turkish hackers will become richer!" it read.

Security experts have their doubts over Turkish hacker claim

However, there is no way to backup the claims of this post as anybody could have easily written this and submitted it — ourselves included (it wasn't us). Security experts assessing the validity of this claim are quick to point out that some hackers often leave red herrings that indict other groups to lead the trail away from them.

"Attribution of cyberattacks is notoriously difficult. Cybercriminals routinely route data through multiple countries and servers within countries, leave false 'evidence' pointing to other groups, and generally attempt to conceal their tracks. It is unclear whether the recent postings claiming attribution are genuine, or deliberately misleading, or simply an entirely different group or individual leveraging the recent publicity. Defenders would be well advised to pay far more attention to technical indicators of compromise (IoCs) rather than hype," said Kevin Epstein, VP, Threat Operations at Proofpoint.

Another cybersecurity expert, Ryan Kelember, has also highlighted the use of certain language in the post that might be a flag this might not a genuine claim.

"While it's not out of the realm of possibility, they have provided zero evidence to substantiate their claim, and are claiming a political motivation that is out of character for the groups behind the recent surge in ransomware. I would also comment that the use of 'pwned' is odd, as this was hardly a sophisticated attack worth bragging about."

Regardless of who was behind the attack the fact the hospital paid up was a win for hackers as it sets the precedent to other cyber criminals that ransomware pays. If you've been targeted by ransomware and not sure whether to cough up, read our feature on what you should do, here.