Russian hackers say Japanese hospital paid $30,000 in ransomware attack

Japan, with its rickety old IT systems and locally stored files is ripe for the picking for attacks like this.

It almost makes you think paper records were a good idea!

The paying of ransom to criminals should it’s self be a criminal offence, you are giving aid and sustenance to them. The senior executives of any organisation paying such should face a prison term. They will damn well make sure the cyber security is water tight then.

The group originally demanded $60,000

"Oh no, we won't pay such a huge amount of money to hackers to get our data back!! How expensive!!

Instead, let's do this, its much better..."

The town paid 70 million yen ($472,000) to an IT firm in Tokyo to probe the attack and attempt to restore the encrypted data.

""An expert panel investigating the case concluded in a report in June that the IT business operator is highly likely to have obtained a data restoration program somehow.

"I can only think that the IT business operator had negotiated with the group," said a panel source.""

Hummmmm, it's clear to everyone what is happening here. you got two firms working together and the just earned $472,000.

The IT firm should be arrested. is basically fraud. They are paid to help restore the data. Not collaborate with hackers and allow both side to benefit from the hospital.

It would not be surprising, a lot of Japanese targets have close to zero education for their employees on cyber security, and many don't even have a proper IT department to take care of it. Unless that changes there is going to be a lot of loss of money and data in the near future.

The town paid 70 million yen ($472,000) to an IT firm in Tokyo to probe the attack and attempt to restore the encrypted data.

Uhm.. this was from November of last year. They didnt pay this amount in dollars a year ago. The ￥to $ rate was only around ￥110 to the US $ back then! (Should use the yen rate of when the payment was made, not today!)

Which means they paid a HELL of a lot more, over $600,000.00

Hospitals are for helping people. Hackers targeting hospitals and the records of people who are or have been sick. How low can you get?

Japan always pays the random, hackers know this.

My office does not have any computers. We use fax machines only. Heh, heh...

Absolute dog act to hack and target a hospital for money.

But that's Russians for you.

Something more secure, and yes antiquated about pen and paper.

aaaargh the good ole days. No hackers go break into those files and carry them away.Now just a internet connection, and say you go.

GaijinToday  07:49 am JST

A highly evolved superior nation that still uses floppy disk

nothing wrong with a floppy disc. No different than a USB stick, and if all that info sits on some cloud, it’s just as vulnerable. I’m trying to remember in the 1980s or 90s of whole hospitals, or health care system ransomed, thousands of peoples info being stolen back then, with a simple click of a button.

 No different than a USB stick,

Actually a heck of a lot different, but that's neither here nor there, as in reality fewer and fewer people and businesses are allowing USB's to be connected to their computers/networks, as it is relatively easy to attach malware or some type of virus to a file in one.

Japan, with its rickety old IT systems and locally stored files is ripe for the picking for attacks like this.

Maybe Japan has some work to do, but just yesterday many here were talking about the hospital in Australia which was hacked, and I know it's happened in NZ as well. Hospitals everywhere hold a lot of very personal information about thousands of people and need to up their security in a huge way.

Correction to my previous post... that was an Australian health insurer, not a hospital. Still health information is being targeted and it needs to be protected better.

The mayors bank accounts should be checked….any incoming money from the IT firm that he authorised a payment of 70 million yen?!

Glad it didn’t happen to me. Don’t really understand much about Bitcoins, wallets, mining, how to send or receive. Impossible for me to send money to these people to free up my computer. World is too high tech, just meet in a supermarket carpark and give cash, bartering down the price of course!

quote: The town paid 70 million yen ($472,000) to an IT firm.

I'm clearly in the wrong business.

It is profitable to charge an attacked entity a lot of money, give a bit to the hackers, and get them to restore the system. It may not be ethical, and it may not be legal.

If you lack IT staff/tech, disconnect your intranet from the public internet and use admin staff as a firewall between the two. It's clunky but it works.

No, never pay them, that’s only an invitation for the next hacking attack attempts. It’s better trying to trace them and to hack back , of course the right protection measures beforehand would have been even much better, so that it never could happen, but that doesn’t work 100% and they still might find a loophole. For part of the demanded ransom money you could for example temporarily employ a white hacker or just use some time and effort yourself to trace them down and hack them too. Big companies and institutions or here that hospital, usually should have enough skilled or sufficiently intelligent people who can do that.

Stay strong Japan. Remember your ancestors won the Russo-Japanese War. Keep that strong spirit!

The town paid 70 million yen ($472,000) to an IT firm in Tokyo to probe the attack and attempt to restore the encrypted data.

This is the real crime. Now, that hackers know that the town can some up with half a million dollars, they will be considered an ideal target or others like it, and the next ransom will be higher.

So the paid 472,000 to some IT company for this, who in turn just negotiated the ransom of 60,000 down to 30,000 and profited over 400,000?

I think the hospital needs to get off the net entirely, and bring back it's army of fax machines, ASAP.

I used to hold Russians in high esteem, nowadays, I think otherwise... actions, speak louder than words in my change of thought.

And yet the after the "My Number" fiasco already being hacked before, they now want to digitalize it to be connected to your Health Insurance, Drivers License and everything else to be hacked.

This could just be someone running a malicious email attachment marked "Microsoft Update" on a PC. It won't necessarily be a "hack" through a firewall or other security measure. The hospital may or may not have a good firewall, and it may or may not have staff who open email attachments or click on dodgy links in emails.

Sven

If it's a choice between paying hackers $500,000 or having to pay millions more (to rebuild the lost data, as well as penalties and damages paid to clients etc.), it's easy to see why some would take the cheaper option.

In Mother Russia, they don't care about attacking hospitals