Hospital pays $55,000 in bitcoin to hackers after 'SamSam' ransomware locks systems

A US hospital paid hackers $55,000 (£39,900) to restore control over its computer systems after they were infected with a strain of ransomware known as 'SamSam'.

Last Thursday (11 January), staff at Hancock Regional Hospital, Indiana, found their computers had been infected with malware, which was demanding bitcoin to regain access. As reported, the hack impacted emails and health records, but no patient data is believed stolen.

Now, as first revealed by local media outlet the Greenfield Reporter, officials from Hancock Health have confirmed that four bitcoins – worth $55,000 at the time – had been transferred to the culprits.

A hospital spokesperson verified the same figure to IBTimes UK on Tuesday (16 January).

Hancock Health CEO Steve Long said hackers in Eastern Europe were to blame, adding that funds were paid because the costly process of recovering back-up data may have taken weeks to complete.

More than 1,000 files were decrypted and, by Monday (15 January) a clean-up was underway, he said.

Interestingly, the hospital stated that the hacker – or hackers – accessed its system through a "remote-access portal" using an "outside vendor's username and password."

Typically, ransomware spreads via malicious email attachments and is clicked by unwitting users. Hospital staff have been instructed to change their personal passwords, the report added.

A statement posted online by Hancock Health read: "At approximately 9:30pm on Thursday, January 11, 2018, an attack on the information systems of Hancock Health was initiated by an as-yet unidentified criminal group. The attack used ransomware, a kind of computer malware that locks up computers until a ransom is paid, usually in the form of bitcoin.

"Through the effective teamwork of the Hancock technology team, an expert technology consulting group, and our clinical team, Hancock was able to recover the use of its computers, and at this time, there is no evidence that any patient information was adversely affected.

"Hancock is continuing to work with national law enforcement to learn more about the incident. We plan to provide additional information to our community regarding this act soon."

The statement did not reference the payment to the digital crooks. In most cases, ransomware infections prove difficult to combat – and they have become increasingly common.

In February 2016, a Los Angeles hospital forked over $17,000 (£12,300) for its systems to be restored after being hit with a file-locking ransomware codenamed "Locky."

And more recently, in May last year, a global malware outbreak dubbed "WannaCry" wreaked havoc on the UK's National Health Service (NHS), causing computer disruption and cancellations.

The majority of law enforcement experts and industry professionals advise against paying hackers' ransom demands, arguing that it helps to fund the cybercriminal underground.