Pays $17K in bitcoins to regain access to its computer files

A medical billing firm in Bloomington that fell victim to a ransomware attack made a $17,000 bitcoin payment this week to regain access to encrypted computer files.

The owner of MedPro Services on West Second Street reported to Bloomington police on Wednesday that she noticed on Oct. 27 that some computer files in the company’s system had been encrypted. She could not gain access, and soon learned her computer server had been hacked and infected with a virus.

Then pages with ransom demands were displayed, and business owner Rebecca Kieffner sought advice from experts and her insurance company. She hired a software company that helped her negotiate with the people responsible for the attack, which she suspects originated in Russia.

She paid the equivalent of nearly two bitcoin, about $17,000, in order to get a password to open her business files.

The experience was a rude awakening, said Kieffner, who has worked 17 years to build her business. She and seven employees provide medical billing for orthopedic offices around the country, and she was unable to access any of her business files.

“I built this business from the ground up, and for someone to just take it away from me so easily was disturbing,” Kieffner said. “This could have ruined me. This is my livelihood.”

She was able to access the files again Wednesday morning and said she and her staff have been working long hours to catch up. She said no personal account data was breached.

Her office server had a firewall and back-up security, but the ransomware users got past it. “They launch a virus that pretty much spreads like cancer and encrypts every single field in your server,” Kieffner said.

“The first thing I did was try to figure out what I did wrong, then realized they had worked a long time to find a hole. They find a way in.”

She has shut down her server and is rebuilding with a stronger firewall. From now on, all of her data will be stored in the cloud so it can be accessed if this happens again.

“You think you are protected, but make sure your server is up to date, that there is a sufficient firewall, and make sure your backup is in the cloud,” she advised. “I had everything I needed, and they got through anyway. They are one step ahead of everybody.”
