Kansas Heart Hospital in Witchita was hit with ransomware last week. The ransomware attack occurred on Wednesday, and the KWCH 12 news video from Friday night said some files were still inaccessible by the hospital.Hospital President Dr. Greg Duick refused to disclose the ransom amount and the ransomware variant. He said, \u201cI'm not at liberty because it's an ongoing investigation, to say the actual exact amount. A small amount was made.\u201dYes, the hospital paid the ransom. No, the hackers didn\u2019t decrypt the files\u2014at least it was described as not returning \u201cfull access to the files.\u201d Instead, the attackers asked for another ransom. This time the hospital refused to pay because it was no longer \u201ca wise maneuver or strategy.\u201d+ Also on Network World:\u00a0Ransomware-like tech support scam locks screen, labels Windows product key as invalid +Supposedly the hospital had a \u201cplan\u201d for this type of attack and implemented it immediately. Duick claimed, \u201cI think it helped in minimizing the amount of damage the encrypted agent could do.\u201dWouldn\u2019t a plan include backups? Maybe the backups were not air-gapped? At any rate, despite the plan, the hospital paid the ransom only to have the attackers attempt to extort another.It\u2019s unknown if Duick is a highly technical individual who understands ransomware and is giving seriously dumbed-down explanations or if he is repeating what he was told. For example, he described ransomware as this: \u201cIt would be like you're working on your computer and all of a sudden, your computer says, sorry can't help you anymore. It became widespread throughout the institution.\u201d\u201cThe patient information never was jeopardized, and we took measures to make sure it wouldn't be,\u201d Duick said. Hopefully those measures were better than the hospital\u2019s disaster recovery \u201cplan.\u201dPatients' treatment not affectedUnlike some ransomware attacks on hospitals, which resulted in long delays due to being thrown back to old-school pen and paper records and caused the rerouting of incoming patients to a different hospital, Duick said the ransomware \u201cnever impacted\u201d treatment for Kansas Heart Hospital patients. After being a victim of a crypto spanking, it helped the \u201chospital strengthen its response to future hackers.\u201d Hopefully that includes air-gapped backups.Or perhaps the hospital did have a decent plan and one of its employees opened a phishing email to become infected during the process of converting to a new backup system. That\u2019s what happened to Tulsa attorney Grayson Barnes.He told Tulsa World, \u201cIt was a short window when they could have encrypted the files, and it happened to be the time that they did. Generally, we back up every evening. But it wasn\u2019t just a day\u2019s work product. It was the entire firm\u2019s history.\u201dBecause that was the case, the firm paid the ransom.FBI Special Agent Chad Knapp told Tulsa World, the \u201cbad guys\u201d behind the ransomware are typically overseas. \u201cThey know where to hit because they are doing their reconnaissance,\u201d he said. Knapp said he was aware of ransoms as high as $50,000 nationally, before adding that some ransoms are even higher.Last week on Ransomware InfoDay, Microsoft revealed that the United States is the top ransomware target with 320,948 infected systems, followed by Italy's 78,948 ransomware infections and 45,840 in Canada.While talking about ransomware and how organized crime is going after \u201cthe low-hanging fruit,\u201d Dr. John Hale, a University of Tulsa cybersecurity expert, added:\u201cI could attack 20,000 individuals or small companies who I know don\u2019t have security in place and don\u2019t have backup procedures, and I could [get] $500 each from them and I could come up with a pretty good payday without worrying about either getting caught or lack of success. We\u2019re seeing it as a definite up trend. What\u2019s interesting is that it\u2019s crossing multiple sectors now. The way our cars are computerized, the next ransomware attack may be in that area. \u2026\u2018You want to start your car? Pay me $300.\u2019 We\u2019re headed that way.\u201dOther experts have predicted large-scale ransomware attacks on cars with the infection hitting a manufacturing plant or car dealership.Decrypters released for TeslaCrypt, 777, Xorist and GhostCryptWhile it might not help Kansas Heart Hospital, there is good news for TeslaCrypt victims. After ESET security researchers asked the cyber thugs behind TeslaCrypt for the universal master decryption key, the crooks gave it to them. The attackers said the TeslaCrypt project is closed and they \u201care sorry.\u201dESET then created a free decrypting tool for all TeslaCrypt variants between 3.0.0 and 4.2, as well instructions for using it.Last week, Emsisoft also released free decryption tools, one for 777 ransomware and one for Xorist. Rasomware 8Lock8 was no sooner discovered than a decrypter was released. Michael Gillespie, the same malware expert who released the fix for 8Lock8, also released a decrypter for GhostCrypt.While those are fine examples of good news for victims, there seems to be no end to new ransomware being discovered.