While a California hospital could potentially have gone to backups to recover, they negotiated a $17,000 payment to decrypt key computers. It was seen as the least expensive remedy to bring systems back online without rebuilding systems and network controls. These encryption-based attacks are increasing, and data backups are critical, along with strong malware detection and prevention controls.

https://threatpost.com/hollywood-hospital-pays-17k-ransom-to-decrypt-files/116325/

After being knocked offline for nearly two weeks, officials at a California hospital that was hit with ransomware elected on Wednesday to pay attackers.  The Hollywood Presbyterian Medical Center (HPMC) shut down computers on its network on Feb. 5, after attackers allegedly asked for 9,000 Bitcoin, or just over $3 million USD, to unlock medical files stored on its system.

While the hospital didn’t pay anything close to that figure, they did pay 40 Bitcoin, or roughly $17,000 USD on Monday this week, according to a notice published last night by the center. HPMC president and CEO Allen Stefanek defended the hospital’s actions, saying it was the quickest way to solve their problem. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek wrote, “In the best interest of restoring normal operations, we did this.”

While surprising, the move actually echoes sentiments made by Joseph Bonavolonta, Assistant Special Agent in Charge of the CYBER and Counterintelligence Program in the FBI’s Boston office, during a conference last fall. “To be honest, we often advise people just to pay the ransom,” Bonavolonta told a crowd at the Cyber Security Summit in October.