US Government Issues Ransomware Warning
Yesterday the US Computer Emergency Readiness Team (US-CERT) issued a warning regarding ransomware. Their goal was to provide the public with information on ransomware, “specifically its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware.” The warning comes after a number of hospitals have had their computer networks infected with ransomware.
Typical ransomware infects a user’s computer and restricts access to their files, encrypting the files and rendering them inaccessible. Additionally, the infected computer retains little or no functionality. Users are provided with instructions on how to pay the ransom to remove the encryption, but paying doesn’t guarantee a positive outcome. Included in the US-CERT warning was this advice regarding ransom payment: “Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.”
This past February, Hollywood Presbyterian Medical Center declared a state of “internal emergency” due to a ransomware attack. Staff reported being unable to access required documentation to ensure proper patient care, including lab results, X-rays, and CT scans. Archived medical records were also rendered inaccessible by the computer infection. This is an important aspect of ransomware: it uses the value users place on their files against them. In the case of personal computers, users fear losing their photos and videos, so the ransom payment is contingent on their emotional attachment. In the case of the hospital ransomware infections, payment of the ransom is based on the informational value of medical records and the threat to patient safety.