
Ransomware as a Service Providers Only Take Bitcoin

Greg Mooney | May 24 2016 | Security

If you are looking to subscribe to one of the hottest software-as-a-service (SaaS) offerings, keep in mind that you may have to pay in bitcoin. Why bitcoin? Because hackers don’t take American Express. I’m talking about ransomware as a service (RaaS). The most recent victim of RaaS is Kansas Heart Hospital.

What is Ransomware as a Service?

For those of you who aren’t yet familiar with ransomware, it’s basically malware with a twist. Once it has infected your computer system, it will display a message that restricts access to part or all of your systems. In many cases the ransomware will have already encrypted your files. In order to get the encryption key and retrieve your data, you need to follow a specific set of instructions that involve converting money into bitcoin and meeting a payment deadline, or else you risk losing the ransomed data forever.


We’re almost halfway through 2016, and we can rest assured that 2016 will be named the year of ransomware. And it will only get worse if healthcare companies around the country don’t find a way to prevent this nasty type of malware from infecting their networks. Since IT policy and data security aren’t at the top of the to-do list of many healthcare executives, businesses may be tempted to pay the hackers. It makes sense if mission-critical systems that determine life and death are down.

Protection Against Ransomware

So how do healthcare IT pros deal with this rising cybercrime epidemic? Unfortunately, the answer isn’t as easy as setting up a demilitarized zone (DMZ) within your business infrastructure. Although important to have, antivirus and firewalls will only protect a small percentage of your network. Locking down user access to only essential folders and files and running employee awareness training aren’t going to guarantee results, but heck, it’s a start.


Your users are busy. You’re busy. We get it. Fire drills happen every day that take away from strategically thinking about ways to tackle more complex, long-term issues like socially engineered phishing attacks that lead to inadvertent ransomware infections.

There’s no hindsight in an IT toolbox. When Cerber starts asking your staff for bitcoins, you’ll be wishing you had 20/20 vision. Don’t wait for a ransomware infection before deciding what medicine to take to stop the bleeding.


The point is that many of these attacks can be prevented with awareness, diligence and accountability. You may have to get creative in how you roll out an IT security plan, but it’s necessary. Everyone in a business is accountable for security and it should never rest entirely on the shoulders of IT. And let’s face it, email should never be considered a safe form of communication. Let alone a ubiquitous one. Maybe we can help.

During our upcoming June 2nd webinar, John Houston, VP of Privacy and Information Security at UPMC, will be sharing strategies healthcare IT professionals can embrace to make their businesses more secure.


Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.
