A LOS ANGELES HOSPITAL has paid out a ransom to hackers in a move that it hopes will preserve the privacy of its patients.
But it took a risk in trusting that the attackers will do the good thing and not just use this as a crowbar into repeated and persistent demands.
The Hollywood Presbyterian Medical Centre sounds fancy, and it may well be, but the hospital had been locked out of its computers since 5 February.
The shaken quacks were beaten by the cyber sickness and coughed up $17,000 worth of bitcoins to soothe their attackers, according to a report on Sky News. The Hollywood Presbyterian Medical Centre confessed to this in an open letter (PDF).
Experts and law enforcement were called in to assist in an investigation, but the hospital decided to press the big red Pay button and acquiesce to the hackers' demands.
"On the evening of 5 February our staff noticed issues accessing the hospital's computer network. Our IT department began an immediate investigation and determined we had been subject to a malware attack," said the letter signed by Allen Stefanek, president and CEO of the hospital.
"The malware locked access to certain computer systems and prevented us from sharing communications electronically. Law enforcement was immediately notified. Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online.
"The reports of the hospital paying 9,000 bitcoins, or $3.4m are false. The amount of ransom requested was 40 bitcoins, equivalent to approximately $17,000. The malware locks systems by encrypting files and demanding a ransom to obtain the decryption key.
"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this."
Troy Gill, manager of security research at AppRiver, told us that this might be a bad idea and that paying out could set an unhelpful precedent.
"Feeding the fire by paying these guys should be avoided if at all possible. If you've been the victim of a ransomware attack, and you're contemplating paying the ransom, keep in mind that the only reason these thieves keep making these attacks is because people pay them," he said.
"If all of the victims stopped paying ransoms, they wouldn't have a successful business model, whose core objective is to steal your money.
"Also, there is no honour among thieves so don't be surprised if they take your money and never give you the key to unlock your files."
The Hollywood Presbyterian Medical Centre ain't alone. A recent survey of this sort of thing found that a quarter of firms would pay as much as £1m to dig themselves out of a ransom demand. µ
Not all it's Mac'd up to be
X marks the smart home
The lens said the better