“By 10:30 that night we had shut down every single computer that we had and all our servers,” Long recalled about the Thursday night in January. “By midnight we successfully shut off every computer inside the organization and commenced from scratch. It’s surreal.”
By 4 a.m. on Friday, Long and his team had recruited Indianapolis-based cybersecurity firm Pondurance to identify the cause and scope of the attack and eradicate the imminent threat.
Pondurance co-founder Ron Pelletier said the first priority was to contain the intrusion and evaluate what was affected. Together with the FBI, which was called in to help pinpoint the origin of the attack, Pondurance experts determined that there was no easy way to erase the encrypted data from Hancock’s system and replace it with clean data from the backup system.
Taking into consideration the flu outbreak and the snowstorm, Long made the executive decision to buy the decryption keys from the hackers. Late Friday night, Hancock bought the keys by transferring four bitcoin.
Bitcoin was selling above $13,500 that day, bringing the estimated total Hancock paid to about $55,000.
“Criminal organizations at this point are treating this like a business,” Pelletier said. “They’re going to plan, they’re going to make sure they understand how they’re going to execute and then they’re going to set out and see where they can execute.”
Cybercriminals typically use the fourth quarter of the year to seek out “low-hanging fruit” and plan their attack, Pelletier said. Then, in the first quarter, particularly between February and April — a time Pelletier has come to refer to as “breach season” due to the uptick of cyber incidents — they put their plan into action.
“Hancock is one organization of many in this period that this happened to,” Pelletier said.
While the investigation into Hancock’s attack is ongoing, none of the network’s patient data appears to have been stolen, which Pelletier said was an indication that this particular group saw ransomware as a more effective way of getting paid.
“If you think about the numbers of breaches that have occurred in general, [it’s] millions and millions of records,” Pelletier said. “The dark web becomes a supply and demand issue at some point — I can try to monetize PHI [personal health information] by selling it on the dark web, or I can probably make maybe less, although a more expedited payment if I do something like ransomware.”