1. Home
  2. General Telecommunications Forum
  3. Hackers Break Into Virginia Health Professions Database, Demand Ransom

Hackers Break Into Virginia Health Professions Database, Demand Ransom

Hackers Break Into Virginia Health Professions Database, Demand Ransom

By Brian Krebs

Washington Post May 4, 2009

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.

Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

...

formatting link
formatting link

Reply to
Monty Solomon
Loading thread data ...

Or the organisation merely restores the data from their daily backup for just the cost of time and inconvenience. At worst one day's changes may be lost - hardly worth $10M.

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

***** Moderator's Note *****

The amount they demanded was just for bragging rights: it was crack by some script kiddie who didn't have much imagination, plus the usual "If it bleeds, it leads" fearmongering by the television stations.

If he had had the brains to demand a more realistic amount - say, $3,000 - _then_ it would have gotten interesting.

Bill Horne Temporary Moderator

Reply to
David Clayton

The state should simply pay the ransom, then have police on-scene when the money is delivered. There's no way the bad guy(s) can collect it without exposing themselves; that's why kidnapping for money no longer occurs in the US.

***** Moderator's Note *****

Maybe they planned on having it sent through PayPal ...

If I were doing that kind of work, I would approach the organization that had been hacked, and offer a "No cure, no pay" contract to recover the data for some relatively minor amount. Assuming they were willing to sign, I'd produce a miracle cure, send them a bill, and make it my business to never, ever rub their nose in it.

Bill Horne Temporary Moderator

Reply to
John David Galt

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.