A hospital in Indiana got hit with SamSam ransomware last week and opted to pay about $50,000 in Bitcoin for keys to unencrypt more than a thousand files affected by the attack.
Files taken over by hackers included electronic patient records at Hancock Health, located in Greenfield, Indiana.
It looks like attackers compromised credentials from a third-party vendor (have we heard this story line before?) to gain network access and then spread the ransomware through much of the system.
The bad actors using SamSam ransomware are into targeted attacks, generally strike in waves of ransomware crime, and appear to set their price based on the size of the network infection.
Perhaps the hospital looked at reports like this before deciding to pay the ransom. In that case, a different hospital that declined to pay the SamSam ransom during 2017 spent more than the cost of the Bitcoin demand by hackers to restore systems through a painful month-long process.
You can read the full account of the ransom paid by Indiana's Hancock Health in a well written article at The Daily Reporter.
Hospital CEO Steve Long told the journalist there, "These folks have an interesting business model. They make it just easy enough (to pay the ransom). They price it right.”