The Pennsylvania Senate Democrats have been hit by a ransomware attack that has locked senators and employees out of their computer network since the early morning hours of Friday, state officials told NBC News. In a statement, Sen. Jay Costa, the Democratic leader, said the Democrats were working with law enforcement agencies and Microsoft to resolve the problem. He did not say what payment has been demanded to unlock the data, or whether the attackers had suggested any political motive. In a ransomware attack, hackers inject a network with malware that typically encrypts important data, and then demand payment in exchange for a key that releases the data. They threaten to destroy the data if they aren't paid. The Democratic senators in the state capital of Harrisburg are on their own computer network and there is no indication that other state agencies or the Republicans have been affected, said a state official who declined to be identified. The official said the Democrats had no idea whether they were targeted for any specific reason. A spokeswoman for the FBI was looking into whether that agency had been called in. A spokeswoman for the Pennsylvania Democrats, Stacey Witalec, declined to say whether the data was backed up elsewhere or whether the attackers had identified themselves or any motive.
City employees in Atlanta coming to work Friday morning were told not to turn on their computers and WiFi at the Atlanta airport was turned off due to a ransomware attack that hit municipal systems on Thursday. As employees walked into city hall for work, they were handed a printed notice telling them to not use their computers until they were cleared by the municipal IT group, the Atlanta Journal Constitution reported. At a news conference Friday afternoon, Atlanta chief operating officer Richard Cox said that the WiFi at Hartsfield–Jackson Atlanta International Airport had been disabled out of "an abundance of caution." The city is still working on mitigating the ransomware and Mayor Keisha Lance Bottoms did not answer questions from reporters as to whether the attack had ended. "What we want to make sure of is that we aren’t putting a Band-Aid on a gaping wound. We want to make sure that we take the appropriate steps," she said. Atlanta doesn’t know who is behind the attack, the mayor said. The good news is that while “this is a massive inconvenience to the city, it is not life and death,” she said. Police, fire and other vital services are still fully functional, Cox said. The attack hit early Thursday morning. Bottoms has repeatedly told employees they should monitor their bank accounts because city officials don’t yet know what information was compromised in the attack. "Let's just assume that if your personal information is housed by the City of Atlanta, whether it be because you are a customer who goes online and pays your bills or any employee or even a retiree, we don't know the extent, so we just ask that you be vigilant," Bottoms said. The ransomware is affecting applications that customers use to pay bills and access court-related information among other things, Bottoms said.
The attackers demanded the equivalent of $51,000 in digital currency to unlock the system. The city is working with the FBI and local law enforcement to investigate the attack, Cox said. While it has been a difficult two days, Atlanta will in the end prevail, he said. "The city was around before computers were around," said Cox. "We’ll rise from the ashes," he added.
Austrian police arrested a 19-year-old teenager from Linz for infecting the network of a local company with the Philadelphia ransomware. The incident in question took place last year and targeted an unnamed company based in Linz. The attacker locked the company's servers, including its production database. The attacker asked for $400 to unlock the company's systems, but the victim refused and instead recovered its data via older backups.
Attack traced back to Linz teenager
The company filed a criminal complaint with the Austrian Federal Criminal Police Office (Bundeskriminalamt, or BK), claiming damages of €3,000 due to production losses. An investigation by Austrian police's SOKO Clavis unit tracked down the attack to a Linz teenager. Authorities searched the suspect's homes, one in Linz, and one near Vienna, where he moved. Police arrested the young man, who was later released and is now under an official investigation. According to a BK spokesperson, the teenager denied all accusations.
Teenager bought ransomware off the Dark Web
Investigators believe the suspect bought the Philadelphia ransomware off the Dark Web. The ransomware is currently on sale on the AlphaBay Dark Web marketplace starting at $389. The ransomware appeared in September 2016 and was based on the Stampado ransomware. Emsisoft released a free decrypter for Philadelphia a day after the ransomware first appeared. According to a Forcepoint report published today, Philadelphia is also the tool of choice for ransomware attacks against the healthcare sector. Austrian police are also investigating another ransomware attack that targeted an Austrian hotel. In late January, a ransomware attack affected the electronic door locking system at an Austrian hotel.
At the time of publishing, Bleeping Computer could not confirm with Austrian police that this was the same attack they started investigating in mid-March.
Cyber criminals took a second swing at Mecklenburg County government on Thursday after officials rejected a demand for money following a ransomware attack. The follow-up attempts to hold the county hostage over illegally encrypted data came just hours after County Manager Dena Diorio announced she’d decided against paying a hacker ransom. Instead of agreeing to pay criminals, she said Wednesday, the county will rebuild its system applications and restore files and data from backups. But by Thursday afternoon, hackers tried to strike again. Diorio sent staff members an email saying, “I have a new warning for employees.” As the county’s IT staff worked to recover from the first cyberattack, Diorio said, they discovered more attempts to compromise computers and data on Thursday. “To limit the possibility of a new infection, ITS is disabling employees’ ability to open attachments generated by DropBox and Google Documents,” she wrote in an email. “The best advice for now is to limit your use of emails containing attachments, and try to conduct as much business as possible by phone or in person.” She described the aftermath of the ransomware attack as a “crisis” and reassured employees they should not feel personally responsible for the incident. The county first learned of the problem earlier this week after an employee opened a malicious “phishing” email and accessed an attached file that unleashed a widespread problem inside the county’s network of computers and information technology. The intent of that ransomware attack was to essentially access as many county government files and data servers as possible. Then, the information was encrypted or locked, keeping employees at the county from accessing operating systems and files.
The person or people responsible for the infiltration then demanded the county pay two bitcoins, or about $23,000, in exchange for a release of the locked data. The county refused to pay. County officials say they anticipate the recovery time for Mecklenburg County government operations will take days. “We are open for business, and we are slow, but there’s no indication of any data loss or that personal information was compromised,” Diorio said. Diorio said third-party security experts believe the attack earlier this week by a new strain of ransomware called LockCrypt originated from Iran or Ukraine. Forty-eight of about 500 county computer servers were affected.
The email-borne attack locked the city’s servers and many of the daily business functions, officials said. (TNS) -- SPRING HILL, Tenn. — The city was the victim of a recent cyber-attack, which caused its computer system to lock with a ransom of $250,000. Spring Hill was one of several other local government agencies who were victim to the attack, and city officials say they do not believe any citizen or customer account information was stolen or compromised. It did, however, temporarily halt any online credit or debit card payments. "We received a ransomware attack Friday evening that ended up going in and locking our servers. It affected all of our departments, and we have been in recovery mode ever since [Sunday]," City Administrator Victor Lay said. "We've now been able to, at least minimally, conduct business, although the manual system of paper and pencil seems to work pretty well against those kinds of things." Lay added that the "appropriate government authorities" have been contacted about the incident, which will meet later this week to discuss an investigation into the incident. He said it was not a "hack" per se, but a virus created from a downloadable email attachment, locking the system using an encryption key. "We're working through it. Obviously, we chose not to pay the ransom. We're working through the system and it's going to take us a few days to get things all back to normal, but we're getting there."
The White House has publicly blamed North Korea for a ransomware attack in May that locked more than 300,000 computers in 150 countries. "North Korea has acted especially badly, largely unchecked, for more than a decade," Homeland Security adviser Tom Bossert said at a White House briefing Tuesday morning. He called the WannaCry attack a reckless attack that caused "havoc and destruction" by locking vital information away from users, including hospital networks. "We believe now we have the evidence to support this assertion," Bossert said. "It's very difficult to do when you're looking for individual hackers. In this case, we found a concerted effort." In an opinion piece published in The Wall Street Journal on Monday, Bossert wrote that after careful investigation, Washington can say that Pyongyang is "directly responsible" for the WannaCry virus. Bossert called the attack in which victims received ransom demands to unlock their computers "cowardly, costly and careless." "The consequences and repercussions of WannaCry were beyond economic," he wrote. "The malicious software hit computers in the U.K.'s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk." Bossert is expected to brief reporters on Tuesday about the hacking. NPR's Elise Hu tells Morning Edition that "cyberattacks are a way for North Korea to punch above its weight" and that Pyongyang's hackers "have access to global networks and the Internet, and they have some real successes to count." Within days of the attack in May, North Korea fell under suspicion. As NPR's Bill Chappell reported at the time, WannaCry was found to have "lines of code that are identical to work by hackers known as the Lazarus Group, [which has] ... been linked to North Korea, raising suspicions that the nation could be responsible."
And in October, Britain's Minister of State for Security Ben Wallace said his government was "as sure as possible" that Pyongyang launched the attack. Bossert said in the Journal that President Trump had "ordered the modernization of government information-technology to enhance the security of the systems we run on behalf of the American people." "We also indicted Russian hackers and a Canadian acting in concert with them. A few weeks ago, we charged three Chinese nationals for hacking, theft of trade secrets and identity theft. There will almost certainly be more indictments to come," he wrote. He said that the administration would continue to use its "maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."
GREENFIELD — Hancock Health fell victim to a cyber attack Thursday, with a hacker demanding Bitcoin to relinquish control of part of the hospital’s computer system. Employees knew something was wrong Thursday night, when the network began running more slowly than normal, senior vice president/chief strategy and innovation officer Rob Matt said. A short time later, a message flashed on a hospital computer screen, stating parts of the system would be held hostage until a ransom is paid. The hacker asked for Bitcoin — a virtual currency used to make anonymous transactions that is nearly impossible to trace. The hospital’s IT team opted to immediately shut down the network to isolate the problem. The attack affected Hancock Health’s entire health network, including its physician offices and wellness centers. Friday afternoon, Hancock Health CEO Steve Long confirmed the network was targeted by a ransomware attack from an unnamed hacker who “attempted to shut down (Hancock Health’s) operations.” Hospital leaders don’t believe any personal medical information has been compromised, Long said. Long declined to disclose details of the attack, including how much ransom has been requested. The attack amounts to a “digital padlock,” restricting personnel access to parts of the health network’s computer systems, he said. The attack was not the result of an employee opening a malware-infected email, a common tactic used to hack computer systems, he said. The attack was sophisticated, he said, adding FBI officials are familiar with this method of security breach. “This was not a 15-year-old kid sitting in his mother’s basement,” Long said.
Protecting patients
Notices posted Friday at entrances to Hancock Regional Hospital alerted visitors to a “system-wide outage” and asked any hospital employee or office using a HRH network to ensure all computers were turned off. Doctors and nurses have reverted to using pen and paper for now to keep patients’ medical charts updated. Long said he wasn’t aware of any appointments or procedures that were canceled directly related to the incident, adding Friday’s snowy weather contributed to many cancellations. Most patients likely didn’t notice there was a problem, nor did the attack significantly impact patient care, Long said. Hospital staff members worked with the FBI and a national IT security company overnight and throughout the day Friday to resolve the issue. Long said law enforcement has been acting in an “advisory capacity,” and declined to release details about the plan going forward, including whether the hospital is considering paying the ransom. Long commended his staff, especially IT workers, who quickly identified the problem Thursday evening. “If I was going through this with anybody, this is the team I would want to go through this with because I know what the outcome is going to be,” he said. Leaders updated hospital employees, totaling about 1,200 people, throughout the day Friday and took steps to accommodate both patients and staff, including offering free food in the hospital cafeteria all day, Long said. Long said if there is any suggestion private patient information has been compromised, hospital officials will reach out to those affected, though he doesn’t expect that to become an issue. “We anticipate questions,” he said. “This is not a small deal.”
Cybersecurity experts and companies on Long Island are looking for ways to shore up the weakest link on company computer networks: the employee. Local cybersecurity professionals are creating interactive comic books, testing employees with simulated phishing emails — tailored messages that seek to obtain key information, such as passwords — and seeking to convince top executives that the threat of business disruption from hacking requires their attention. “The biggest problem is not the technology; it’s the people,” said Laurin Buchanan, principal investigator at Secure Decisions, a division of Northport software developer Applied Visions Inc. Sixty percent of cyber-assaults on businesses can be traced to insiders’ actions, either inadvertent or malicious, according to a 2016 study by IBM Security. The average cost of a data breach for U.S. companies is $7.4 million, or $225 per lost or stolen record, a June 2017 study by IBM and the Ponemon Institute, a Traverse City, Michigan, researcher, found. Costs related to data breaches can include the investigation, legal costs to defend against and settle class-action lawsuits, credit monitoring for affected customers, and coverage of fraud losses. Harder to gauge is the cost to a company’s reputation. One of the largest hacks ever was disclosed this month, when credit reporting company Equifax Inc. revealed that sensitive data from 143 million consumers, including Social Security numbers and birth dates, was exposed. A stock analyst from Stifel Financial Corp. estimated that the attack will cost Equifax about $300 million in direct expenses.
Investors seem to think the incident will have a much greater impact on
At a seminar in Garden City this month, Henry Prince, chief security officer at Shellproof Security in Greenvale, explained how in a ransomware attack — one of many types — cybercriminals can buy specialized tools such as those used to send phishing emails. The easy availability of that software means that hackers require “no programming experience,” Prince said. Phishing emails can be blocked by company email filters, firewalls and anti-virus software. But if one gets through and an employee clicks on the link in the phishing email, the business’ network is compromised. Hackers can then encrypt files, preventing access to them by the company and crippling the business, Prince said at the seminar. Hackers then can demand payment, typically in an untraceable cryptocurrency like Bitcoin — a digital asset that uses encryption — before agreeing to decrypt the files. “Ransomware is a business to these people,” Prince said. “Ninety-nine percent of the time, ransomware requires user interaction to infect.” Della Ragione echoed that sentiment: “The greatest risk at a company is the employees. Training employees is one of the best steps in shoring up your defenses.” In response, many local experts and companies focus on teaching employees how to resist hackers’ tricks. Secure Decisions has developed interactive comics to teach employees ways of detecting “phishing” emails and other hacking attempts. The company has gotten more than $1 million for research related to the interactive comic project, known as Comic-BEE, from the Department of Homeland Security, as well as a grant for $162,262 from the National Science Foundation. The comics, inspired by children’s “Choose Your Own Adventure” books, feature different plots depending on the reader’s choices.
“If you can give people the opportunity to role-play, some of the exhortations by the experts will make more sense,” Buchanan said. The comics are being field-tested at several companies and Stony Brook University. They were featured in July at a DHS cybersecurity workshop in Washington, D.C. Radu Sion, a computer science professor at Stony Brook and director of its National Security Institute, which studies how to secure digital communications, acknowledged that security is far from a priority for most users. “Ultimately, the average Joe doesn’t care,” he said. “You [should] treat the vast majority of your users as easily hackable.” Northwell Health, the New Hyde Park-based health care system that is the largest private employer in New York State, is trying to find and get the attention of those inattentive employees. Kathy Hughes, Northwell vice president and chief information security officer, sends out “phishing simulations” to the workforce. The emails are designed to mimic a real phishing campaign that seeks passwords and personal information. In April, for instance, Northwell sent out phishing emails with a tax theme. Hughes collects reports on which employees take the bait by user, department and job function. “We present them with a teachable moment,” she said. “We point out things in the email that they should have looked at more carefully.” The emails are supplemented with newsletters, screen savers and digital signage reminding users that hackers are lurking. Another tool: Non-Northwell emails have an “external” notation in the subject line, making it harder for outsiders to pretend to be a colleague. “We let [the employees] know that they are part of the security team,” she said. “Everybody has a responsibility for security.” One of the most important constituencies for security is top executives.
Drew Walker, a cybersecurity expert at Vector Solutions in Tampa, Florida, said many executives would rather not know about vulnerabilities to their computer systems, because knowledge of a hole makes them legally vulnerable and casts them in a bad light. “Nine times out of 10, they don’t want to hear it,” he said. “It makes them look bad.” Richard Frankel, a former FBI special agent who is of counsel at Ruskin Moscou, said that company tests of cybersecurity readiness often snare CEOs who weren’t paying attention to training. But attorney Della Ragione said high-profile attacks are getting notice from executives. “Everyone’s consciousness is being raised,” she said. Data leaks at Long Island companies have caused executives to heighten security. In 2014, Farmingdale-based supermarket chain Uncle Giuseppe’s Marketplace said that foreign hackers had breached the credit card database of three stores. Joseph Neglia, director of information technology at Uncle Giuseppe’s, said that after the data breach, which affected about 100 customers, the company began scheduling “monthly vulnerability scans” and upgraded its monitoring and security systems. For businesses, Stony Brook’s Sion said, the cybersecurity threat is real and immediate. “I need one second with your machine to compromise it forever and ever,” he said. “It’s an uphill battle.”
The email didn’t just seem innocent, it also seemed familiar to the accounts payable employee at MacEwan University in Edmonton. It was from one of the local construction firms the public institution deals with, logo and all. There was new bank account information — could accounts payable please change it? The staff and this supposed vendor communicated back and forth, from late June until a few weeks ago, in early August. One university employee was involved in this correspondence at first; two more were added. Then vendor payments went through, as scheduled: $1.9 million from MacEwan accounts on August 10. Another $22,000 were transferred seven days later. Finally, $9.9 million went to this new bank account on August 19, a Saturday. Wednesday morning, for the first time in this episode, came a phone call. The Edmonton-area vendor wanted to know why it never got its payments. The massive fraud had already been perpetrated, $11.8 million winding its way into a TD bank account in Montreal and much of it then wired overseas, a university spokesman says. Investigators have traced $11.4 million of the money and frozen the suspect accounts in Quebec and Hong Kong. The school is pursuing civil legal action to recover the money. “The status of the balance of the funds is unknown at the time,” a MacEwan statement said about the other $400,000. There’s likely not a person reading this online who hasn’t received a phishing attack, in which someone pretending to be a bank sends an email or text message, hoping to trick you into entering or re-entering account information or a credit card number. What hit MacEwan was a spear phishing attack, in which scammers impersonate a client or associate of the individual. In this case, the fraudster had cut-and-pasted the actual vendor’s logo, MacEwan spokesman David Beharry said.
A phishing attacker will often cast several lures; in this case, investigators said 14 different Edmonton-area construction sites or firms were impersonated as part of this attempt. The successful trick led to financial transfers equivalent to more than five per cent of the publicly funded school’s 2016 operating budget, according to records. This inflicted vastly more damage than the last well-documented online scam to successfully target an Alberta post-secondary school: last year, University of Calgary paid $20,000 in what’s known as a ransomware attack, in which cyberattackers manage to lock or encrypt network data until the victim pays up. While MacEwan is confident it can recoup the amounts already frozen, it will also incur legal fees on three continents as it tries to do so, Beharry says. Edmonton’s second-largest university knew enough about this problem to launch its own phishing awareness campaign last school year for staff and students, posters and all. Now, the school itself will become a cautionary tale about the perils and pratfalls of spear phishing cyberattacks. With this ugly incident, MacEwan University becomes a cautionary tale of another sort: financial controls. These were not high-level employees ensnared by this phishing attack, the school spokesman says, though he did not identify them or clarify how the three employees were involved. From now on, one fraud and $11.8 million later, such vendor banking information changes will need to go through a second and third level of approval at MacEwan before the final clicks or keystrokes occur.
When two ransomware attacks hit the city of Riverside in April and May, it wasn’t the first time the city’s public safety servers lost data because of a malicious virus, this newspaper found in a review of city records. A check of newspapers across Ohio reveals similar unfortunate targets around the state: Licking County government, the Columbiana County courts and townships in Clinton and Morrow counties were once all ransomware victims. In Clark County, hackers encrypted the Mad River Twp. Fire and EMS servers with ransomware in December. The damage extends across the nation: When a library system in South Carolina faced a ransomware attack, patrons couldn’t check out or return books. In Richmond, Indiana, the local housing agency fell victim to an $8,000 ransom. Hackers shut down 2,000 computers at Colorado’s transportation department, then attacked again when the agency tried to recover. While the hackers’ ideal target — and the damage caused — varies, one certainty is that local governments are not exempt from the pain of ransomware, which is malicious software that threatens to block access to data or to publish it unless the infected organization pays a ransom. The ransom demands are often relatively small compared to an organization’s overall budget, but the cost of avoiding payment can be steep, as the city of Atlanta found this year. An attacker demanded a $50,000 ransom to restore Atlanta’s systems, but the city ended up shelling out nearly $2.7 million on eight emergency contracts in an attempt to fix the problem. Experts encouraged all computer users to follow one rule to avoid ransomware’s predilection for data destruction. “Real simple,” said John Moore, a computer technician in Trotwood. “Back up your data.”
Prior attack uncovered
Hackers hit Riverside’s police computers with ransomware several years before the latest incidents, emails obtained by the newspaper show. The attack — previously unknown to the public before this story — occurred under a prior city manager and also saw the police department lose documents, according to an email from Councilman Steve Fullenkamp to other city leaders. Sometimes, as was the case with at least one of Riverside’s recent attacks, the virus can be downloaded by clicking on an infected email. Organizations often don’t learn they have been infected until they can’t access their data or until computer messages appear demanding a ransom payment in exchange for a decryption key, according to the FBI’s website. The first of the recent attacks against Riverside erased about 10 months of police records, the records show. The second attack wiped just several hours of data, because the city had backed up the data.
Liberty Life has fallen victim to a ransomware attack, with the personal data of millions of the insurance company’s customers potentially at stake. Last night (16 June), the company informed customers that hackers have gained unauthorised access to its IT infrastructure. “An external party claims to have seized data from us, has alerted us to potential vulnerabilities in our systems and has requested compensation for this,” a statement to customers reads. “Since becoming aware, we have taken immediate steps to secure our computer systems.” It is believed that the hackers have demanded millions to prevent them from releasing sensitive data about clients. “Liberty is investigating the breach and we will endeavour to keep all stakeholders fully informed as appropriate,” the statement adds. “We are working hard to rectify the situation.”
LabCorp experienced a breach this past weekend, which it now says was a ransomware attack. The intrusion has also prompted concerns that patient data may have also been stolen. One of the biggest clinical lab testing companies in the world, LabCorp, was hit with a "new variant of ransomware" over the weekend. "LabCorp promptly took certain systems offline as a part of its comprehensive response to contain and remove the ransomware from its system," the company told PCMag in an email. "We are working to restore additional systems and functions over the next several days." LabCorp declined to say what variant of ransomware was used. But according to The Wall Street Journal, the company was hit with a strain known as SamSam. In March, the same strain attacked the city of Atlanta's IT network. Like other ransomware variants, SamSam will effectively lock down a computer, encrypting all the files inside, and then demand the victim pay up to free the system. In the Atlanta attack, the anonymous hackers demanded $51,000, which the city government reportedly refused to pay. How much the hackers are demanding from LabCorp isn't clear; the company declined to answer further questions about the attack or if it will pay the ransom. The lab testing provider first reported the breach on Monday, initially describing it as "suspicious activity" on the company's IT systems that relate to healthcare diagnostics. This prompted fears that patient data may have been stolen. The North Carolina-based company processes more than 2.5 million lab tests per week and has over 1,900 patient centers across the US.
"LabCorp also has connections to most of the hospitals and other clinics in the United States," Pravin Kothari, CEO of cybersecurity firm CipherCloud, said in an email. "All of this presents, at some point, perhaps an increased risk of cyber attacks propagating and moving through this expanded ecosystem." On Thursday, LabCorp issued a new statement and said the attack was a ransomware strain. At this point, the company has found "no evidence of theft or misuse of data," but it's continuing to investigate. "As part of our in-depth and ongoing investigation into this incident, LabCorp has engaged outside security experts and is working with authorities, including law enforcement," the company added.
Officials at a medical practice in Blue Springs say they are taking steps to strengthen privacy protections after a ransomware attack affected nearly 45,000 patients. Blue Springs Family Care discovered in May that hackers had installed malware and ransomware encryption programs on its computer system, giving them full access to patient records. Ransomware is a kind of malware that locks up a computer. The attackers typically demand a ransom, often in Bitcoin or other cryptocurrencies, as a condition of unlocking the computer and allowing access to the system. Melanie Peterson, Blue Springs Family Care’s privacy officer, says the medical practice did not pay a ransom. Rather, it was able to use backups to regain computer access. In a letter to patients, Blue Springs Family Care said it had no evidence patients’ information had been used by unauthorized individuals. But it said it had taken steps to strengthen its defenses against similar attacks in the future. Peterson says the family medical practice has essentially rebuilt its computer system from scratch “to make sure that no traces of any kind of virus were left in the system.” The number of affected patients was as large as it was because the medical practice is required to keep medical records going back 10 years. Peterson says both the FBI and Blue Springs Police Department were notified of the attack. So far, the hackers have not been identified, she says. Blue Springs Family Care’s computer vendor discovered the ransomware attack on May 12. In its letter to patients, Blue Springs Family Care said it hired a forensic IT company to help quarantine the affected systems and to install software to monitor whether any unauthorized person was accessing the system. The attack on Blue Springs Family Care was not an anomaly. Health care businesses in particular have been targeted by ransomware attacks.
According to Beazley, a cybersecurity insurance company, 45 percent of ransomware attacks in 2017 targeted the health care industry. Financial services, which accounted for 12 percent of ransomware attacks, were a distant second. Last month, Cass Regional Medical Center in Harrisonville, Missouri, reported a ransomware attack had briefly cut off access to its electronic health record system on July 9. Hospital officials said there was no indication patient data was accessed. Cass Regional was just the latest of many Missouri health care institutions targeted in the last few months by cyber-attackers. Others include Children’s Mercy Hospital in Kansas City, Barnes Jewish Hospital in St. Louis, Barnes-Jewish St. Peters Hospital in St. Peters and John J. Pershing VA Medical Center in Poplar Bluff. In Kansas, the Cerebral Palsy Research Foundation of Kansas, the Kansas Department for Aging and Disability Services, Atchison Hospital Association and a private medical practice in McPherson have all been hit with cyberattacks since March. “If you think about what’s in a health or medical record, there’s a lot of information that could be used to create or falsify documents on an individual,” says Madeline Allen, an assistant vice president in the cybertech practice at Lockton Companies, a Kansas City-based insurance broker. “So think about your medical record that contains not only your health information but also your name and address, your social security number, your date of birth, oftentimes a driver’s license number. “All of those things can be used to impersonate you, whether it be to open a line of credit, apply for a loan, file a tax return – all of those things. Pretty much everything you need would be found in your health record,” Allen says.
“If you can get a full health record on someone, it’s pretty valuable information to the bad guys as they’re looking to monetize that information.” For health care institutions, Allen says, it’s not so much a question of whether they will be attacked as when. As such, she says, apart from instituting technical measures, the most important thing they can do to ward off cyberattacks is to educate their employees. “Let them know that people are constantly trying to attack from all angles and the attacks are pretty sophisticated,” she says. “It’s very easy to click on a link thinking it’s legitimate or respond to an email that looks legitimate when in fact it’s not. So I think the education of employees and staff is perhaps the biggest step that health care facilities can take.”
Bristol Airport authorities were recently forced to take their flight information system displays offline for two days to contain a ransomware attack. The authorities dismissed the ransom demand and decided to rebuild the affected systems. For two days, flight status information was displayed on whiteboards and there was an increase in announcements over the speakers. Similarly, in the last few months there have been several cyberattacks targeting hospitals, city administration and sporting events. The servers of the US-based PGA were reportedly hit by ransomware attacks right before the PGA Championship in the first week of August. A new ransomware called Everlasting Blue Blackmail Virus, which targets Windows PCs using spam and phishing campaigns, flashes former US President Barack Obama’s image with the ransom message. Once the ransomware gains entry into the system, it looks for all .exe (executable) files and encrypts them, preventing users from running apps until the ransom is paid. Hot on the heels of the cyberattack on the town of Valdez in Alaska, Canadian town Midland in Ontario was hit by a ransomware attack in the first week of September. Hackers broke into the city database involving fire, water, and waste management and blocked access, demanding ransom. A major concern for cybersecurity experts is fileless attacks, which are hard to detect. These attacks do not install malicious software to infiltrate a victim’s computer, which makes it difficult for anti-virus solutions to detect them. According to Ponemon Institute, 35% of all cyberattacks in 2018 were fileless, while security solution provider Carbon Black claims that fileless attacks accounted for 50% of all successful data breaches targeting financial businesses.
Fileless attacks target legitimate Windows tools such as PowerShell (a scripting language which can provide hackers unrestricted access to Windows API) and Windows Management Instrumentation (used by admins). By latching on to these tools, hackers gain control over the PC and eventually the organization’s database. In another recent development, researchers at F-Secure have come across a new vulnerability affecting PCs. Dubbed cold boot, the attack can be carried out using a special programme through a USB drive connected to a PC. Using the programme, the hacker can disable the memory overwriting by rebooting the system, without a proper shutdown. The attack can be used to break into a company system which might have access to the company network.
Officials in Madison County say a ransomware attack has left the county struggling to conduct business. County Commissioner Brent Mendenhall tells the Post Register in a story on Wednesday county employees have been unable to send emails since Sunday. Madison County Clerk Kim Muir says the county is using backup data from Saturday to issue paychecks Thursday. The objective of ransomware is to cut off a user's access to computer systems and then demand payment to return that access. Mendenhall and Muir say they have no intention of paying the ransom and haven't looked to see how much is being demanded. Mendenhall credited county workers for backing up data, meaning the system can be restored without paying the ransom.
A Vermont business's computer system was attacked by hackers and held for ransom. It may sound like a movie plot but ransomware attacks like these are on the rise. According to their 2017 Internet Crime report, last year the FBI received 1,783 complaints identified as ransomware. The adjusted losses from the attacks were over $2.3 million. An example of a ransomware attack is software that downloads to your computer, encrypts your data and then demands money to get it back. It's technological extortion, essentially. And that's what happened to Wendell's Furniture in Colchester at the end of last month. "Our servers crashed and when our IT guy came to take care of the problem, I asked him how the patient was doing and he just got kind of an ashen look on his face and he just shook his head and I knew we were in trouble," said Ryan Farrell, the vice president of Wendell's Furniture. Farrell says in their nearly 20 years of business, they've never had this type of cybersecurity attack. "I honestly don't think I believed it to begin with. It's something you see in the movies, something you see on TV but it's never something that I thought would happen to us, especially here in Vermont," Farrell said. The company's sales information from the last 5-10 years was stolen, including customers' names, addresses, phone numbers and email addresses. However, no credit card numbers were part of the breach. "My message to customers is not to panic, don't be worried about your information," Farrell said. "Just know that it's going to take us just a little bit more time to get your sofa to you but we're open for business." Wendell's was able to recover most of the data but not all of it. They are still missing several months' worth of data. "Everything that used to be easy is now really hard," Farrell said.
A McAfee report shows that ransomware attacks are up more than 100 percent in the second quarter of 2018 over that same time frame in 2016. Duane Dunston teaches cybersecurity at Champlain College and says these attacks can be hard to count. "It's not really clear because many organizations may not report it," he said. "It may be easier for them to give them the money and just move on." Wendell's ended up paying thousands of dollars but Dunston says that can have repercussions. "One of the dangers is that they can come back and ask for more money at a later time," he explained. "There really is no way to know whether they are going to delete the data or whatever they are demanding." Dunston says there is lots of public information on how to protect your data but to make sure you are backing it up and updating your security systems. Wendell's has now reinforced its computer firewalls and replaced parts of its infrastructure that are susceptible to attack. "We're getting back on our feet," Farrell said. Customers who financed their purchase with Synchrony Financial may have had their account numbers compromised, but according to Wendell's that threat is low. The business has sent out about 500 letters notifying customers and says they are doing their best to get the word out.
A GandCrab ransomware attack, combined with a Comcast outage, caused a Florida Keys school district’s computer system to be down for a week. The computer system in a Florida Keys school district was down for a week due to a ransomware attack. The problems were made worse when just as the district was bringing up some administration and school computers, Comcast suffered a day-long outage due to a cut fiber. Monroe County School District was the victim of a GandCrab ransomware attack. GandCrab, first spotted in January, was dubbed the leading ransomware threat in July. A school district employee working on payroll discovered undisclosed problems on Sunday, Sept 9, and submitted an IT ticket. IT contacted Symantec and was advised to bring it all down and secure the system. Pat Lefere, executive director of operations and planning for the district, told the Miami Herald, “This particular one was a variant that Symantec hadn’t seen before. They took all of our files and created a patch for us. It was applied to all servers before bringing them back up.” Symantec shows the latest detected GandCrab ransomware discovered on Wednesday, Sept 12, but it may not be the variant that hit the Florida school district, as the IT department thought it had fixed the problem on Tuesday morning. Yet upon bringing the system back up, they saw the same issues as when the ransomware was discovered on Sunday and shut the system down again. “We haven’t had any access to data that was inappropriate nor have we had lost data,” district superintendent Mark Porter later told the Miami Herald. “The bad news is we haven’t had the type of access our employees are used to.” The cyber attack did not affect payroll, but it did affect delivery of students’ mid-quarter progress reports.
Monroe County School District claimed there were no ransom demands, but since ransomware locks up a system and demands payment to retrieve a decryption key for encrypted files, perhaps the district meant it didn’t cave to extortion? Lefere said, “That only happens for folks that don’t back up their stuff and are so desperate. We recover our files from the last backup.” The district’s website was back up by Wednesday, but the computer systems remained partially down on Thursday. Lefere said the district rebuilt “each server from scratch to make sure they’re clean.”
When Cloquet school officials realized staff were unable to access certain files the morning of Aug 3, there may have been a certain amount of negative "been there, done that" feeling involved. For the second time in three years, the school district is the target of a ransomware attack — a particularly virulent computer malware that spreads from computer to computer, locking up access to network servers and turning documents into gibberish before offering "help" in the form of a request for payment to provide a "key" to unlock the files. Last time, in March 2016, the district had to cancel school for a day to allow technology staff time to recover from the malware, which infected some of the district's servers and many of its more than 600 computers. This time, it happened over summer vacation, and the attack was not as devastating. According to the staff report from Cloquet School District Technology Director T.J. Smith, the virus encrypted files on all servers except one, including network shared drives. However, there is no indication that any information was "stolen," just that it had been encrypted, so users were unable to open the files. Smith explained to Cloquet School Board members Monday, Aug 13, that the district had two options, not including paying the ransom demand: either try to recover the data, which may not be successful and could be a waste of time and money, or figure out how to recreate the data and rebuild the affected servers. He advocated the second option, noting that the lost data was not "mission critical" and that insurance will pay to return the servers to their previous state. Board members voted unanimously for the second option of re-creating information and rebuilding the servers; they also voted to hire a company to do a "forensic" investigation to try and determine how the virus got in.
The total cost to the school district for insurance deductibles, estimated at $15,000, will be covered by money already in the technology budget. Superintendent Michael Cary said the district determined that paying a ransom "is not in the best interest of our schools and the community we serve." Board Chairman Ted Lammi said he believes such payments to hackers should be illegal. "Some institutions have paid big bucks and that's why these guys do it," Lammi said. Board member Duane Buytaert, who works in technology for Carlton County, said it can also be a matter of making sure users know how to detect such attacks. "We all get those wacky emails," he said. Staff training should be a priority, board members agreed. On the positive side, Smith said technology staff were able to recover quite a bit of data already, and staff can recreate the data that was lost. The recovery process should not affect the start of school Sept 5.
Files that were scrambled in a ransomware attack on Hāwera High School in Taranaki included school assessments that students had only partly completed as well as backups, principal Rachel Williams has confirmed. More help is on the way for schools battling ransomware and other malware, but it has come a little late for the school which is being held to ransom for US$5000 by hackers. N4L, the Crown-owned company that manages the provision of broadband to schools, said it would improve online security as part of a wider upgrade of its managed network that is due to be completed by October next year. The 2450 schools and 800,000 students on the network will get a new security solution supplied by Californian company Fortinet which would provide "more robust protection against online threats, such as phishing and ransomware", it said in a statement issued on Monday. Ironically, that was the same day that staff at Hāwera High School switched on their computers to discover the message demanding US$5000 (NZ$7352) in bitcoin for the return of encrypted data on a server containing students' work and teaching resources. Hāwera High School is connected to ultrafast broadband via N4L, but N4L chief executive Larrie Moore said the school had opted out of N4L's existing security solution and was instead using an alternative commercial offering. "We've been in touch with the school and their IT company to offer our support," he said. "Until we know how the school's network was compromised, we are unable to say whether the new Fortinet solution would have prevented it," he said. But Moore said there was no "silver bullet" for malware. Instead, technological protections needed to be used in combination with "continuous education around good digital citizenship", he said.
Williams said many of its students and teachers had backed up their files in the cloud and were not affected by the ransomware attack, but backups stored on servers at the school were also encrypted by the hackers. "We have been working today on getting a clearer audit of student and staff work and where we are at. Some students are really not affected at all because they have saved their work on their cloud-based system. "If students were part-way through an assessment, some of those are the ones that are encrypted and we can't access those at the moment." The school was working with NZQA to make sure those students were not disadvantaged, she said. Others had backups of their work at home, she said. Williams was not sure how the malware had arrived at the school, saying that was still being investigated. The Government is not believed to have any rules on whether state-funded organisations such as schools can pay ransoms, but in 2017 it issued advice against it and Williams said the school would follow police advice not to pay. While the incident had been annoying, "you see people's character come through and we've seen real resilience from our staff and students", Williams said. "It is not stopping us doing what we need to do." N4L said its technology upgrade would be the first major refresh of its network since it began connecting schools with ultrafast broadband at the end of 2013. Its existing security system had blocked more than 118,000 viruses and malware threats so far during this school year, it said.
Two Iranian men already indicted in New Jersey in connection with a broad cybercrime and extortion scheme targeting government agencies, cities and businesses now face new federal charges in Georgia related to a ransomware attack that caused havoc for the city of Atlanta earlier this year. A federal grand jury in Atlanta returned an indictment Tuesday accusing Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri of violating the Computer Fraud and Abuse Act, federal prosecutors said in a news release Wednesday. The New Jersey indictment against the pair was filed last month on broad conspiracy charges that included the Atlanta cyberattack. Byung “BJay” Pak, the U.S. attorney in Atlanta, said in a news release that the Atlanta indictment was sought in coordination with the earlier indictment and seeks to ensure that “those responsible for the attacks face justice here as well.” The Atlanta indictment accuses the two men of launching a ransomware attack against Atlanta that encrypted vital city computer systems. The attack significantly disrupted city operations and caused millions of dollars in losses, prosecutors said. The Department of Justice has said the two men remain fugitives and are believed to be in Iran, though they are not believed to be connected to the Iranian government. No attorney was listed for either man in online court records. In the Atlanta attack, a ransomware known as SamSam was used to infect about 3,789 computers belonging to the city, prosecutors said. The ransomware encrypted the files on the computers and showed a ransom note demanding payment for a decryption key. The note demanded 0.8 bitcoin per affected computer or six bitcoin to decrypt all affected computers. Atlanta Mayor Keisha Lance Bottoms said in the days after the ransomware attack that the ransom demand was equivalent to $51,000.
The ransom note provided a bitcoin address to pay the ransom and a website accessible only on the dark web, where it said the city could retrieve the decryption key, prosecutors said. The decryption key became inaccessible shortly after the attack, and the city didn’t pay the ransom, prosecutors said. The New Jersey indictment filed Nov 27 accuses the two men of creating the SamSam ransomware and says it was used to encrypt the computers of more than 200 victims, including government agencies, cities and businesses. Among the other victims are the city of Newark, New Jersey, the Colorado Department of Transportation, the Port of San Diego and six health care companies across the U.S., according to the Justice Department. The New Jersey charges include conspiracy to commit wire fraud and conspiracy to commit fraud and related activity in connection with computers. The overall scheme allowed the hackers to make about $6 million and caused the victims to lose more than $30 million, prosecutors said.
Two Iranian men already indicted in New Jersey in connection with a broad cybercrime and extortion scheme targeting government agencies , cities and businesses now face new federal charges in Georgia related to a ransomware attackAttack.Ransomthat caused havoc for the city of Atlanta earlier this year . A federal grand jury in Atlanta returned an indictment Tuesday accusing Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri of violating the Computer Fraud and Abuse Act , federal prosecutors said in a news release Wednesday . The New Jersey indictment against the pair was filed last month on broad conspiracy charges that included the Atlanta cyberattack . Byung “ BJay ” Pak , the U.S. attorney in Atlanta , said in a news release that the Atlanta indictment was sought in coordination with the earlier indictment and seeks to ensure that “ those responsible for the attacks face justice here as well. ” The Atlanta indictment accuses the two men of launching a ransomware attackAttack.Ransomagainst Atlanta that encrypted vital city computer systems . The attack significantly disrupted city operations and caused millions of dollars in losses , prosecutors said . The Department of Justice has said the two men remain fugitives and are believed to be in Iran , though they are not believed to be connected to the Iranian government . No attorney was listed for either man in online court records . In the Atlanta attackAttack.Ransom, a ransomware known as SamSam was used to infect about 3,789 computers belonging to the city , prosecutors said . The ransomware encrypted the files on the computers and showed a ransom note demanding paymentAttack.Ransomfor a decryption key . The note demandedAttack.Ransom0.8 bitcoin per affected computer or six bitcoin to decrypt all affected computers . Atlanta Mayor Keisha Lance Bottoms said in the days after the ransomware attackAttack.Ransomthat the ransom demandAttack.Ransomwas equivalent to $ 51,000 . 
The ransom note provided a bitcoin address to pay the ransom and a website accessible only on the dark web, where it said the city could retrieve the decryption key, prosecutors said. The decryption key became inaccessible shortly after the attack, and the city didn’t pay the ransom, prosecutors said. The New Jersey indictment filed Nov. 27 accuses the two men of creating the SamSam ransomware and says it was used to encrypt the computers of more than 200 victims, including government agencies, cities and businesses. Among the other victims are the city of Newark, New Jersey, the Colorado Department of Transportation, the Port of San Diego and six health care companies across the U.S., according to the Justice Department. The New Jersey charges include conspiracy to commit wire fraud and conspiracy to commit fraud and related activity in connection with computers. The overall scheme allowed the hackers to make about $6 million and caused the victims to lose more than $30 million, prosecutors said.
Ransomware has largely been an opportunistic, rather than a targeted, form of cybercrime with the goal of infecting as many users as possible. That model has worked so effectively that extortion is now ubiquitous when it comes to cybercrime — so much so that even fake attacks are proving to be successful. As I wrote earlier this month, the surge of extortion attacks impacting organizations has led to a number of fake extortion threats, including empty ransomware demands where actors contact organizations, lie about the organization’s data being encrypted, and ask for money to remove the non-existent threat. Cybercriminals like to follow the path of least resistance, and an attack doesn’t get much easier than simply pretending to have done something malicious. However, attacks over the past year have proven that infecting organizations with ransomware can result in much higher payouts. The more disruptive the attack, the more money some organizations are willing to pay to make the problem go away. As a result, ransomware actors are shifting their targets towards more disruptive attacks, which we examine in our latest report, Ransomware Actors Shift Gears: New Wave of Ransomware Attacks Aims to Lock Business Services, Not Just Data. It was just 13 months ago that Hollywood Presbyterian Medical Center made national attention by paying $17,000 to decrypt its files after a ransomware attack. The incident was novel at the time, but those types of stories have since become commonplace. Organizations need to take action to protect themselves against ransomware actors that are trying to find more effective ways to disrupt business operations and demand even higher ransom payouts.
Cyberthieves are increasingly targeting the malicious software, which locks all files on a targeted computer or network until the owner pays up, at smaller and arguably more vulnerable organizations. The Catholic Charities of Santa Clara County in California was a recent target. Seconds after a co-worker clicked on a malicious email attachment, “the compressed file she had opened connected her computer with a server in the Ukraine,” says Will Bailey, director of IT for the organization. “It downloaded the ransomware code and began to encrypt files on her device”. While cyberthieves ostensibly have more to gain from large organizations, experts say they see smaller organizations as lower-hanging fruit. Because a successful breach of an institution with fewer information security resources is easier to achieve and more likely to have a meaningful impact, it is also more likely to result in a payment. “Small businesses are frequently a more appealing target for ransomware because they sit at the juncture of money and vulnerability,” says Ryan Olson, director of the Palo Alto Networks Unit 42 cybersecurity threat intelligence team. “They frequently have more money than individuals, but being small businesses, they lack the more sophisticated defenses that larger businesses have”. “These attackers have also learned that the most profitable method is to hit many small businesses with low ransom demands—usually $300 to $2,000. Even small businesses can generally afford to pay those amounts”. — Eric Hodge, director of consulting, IDT911 Consulting. The stats are staggering. The frequency of ransomware attacks against organizations with fewer than 200 employees is poised to “triple or quadruple” from that of 2015, according to Eric Hodge, director of consulting for IDT911 Consulting.
And 60 percent of small businesses that suffer a ransomware attack are already going out of business within six months, according to the U.S. National Cyber Security Alliance. For many small businesses, if the ransom is low enough, and data backups aren’t available, experts say the most cost-effective response is often to pay the ransom. “At this point, it seems to be the small companies, and individuals providing service as a company, who are in the crosshairs,” Hodge says. “These attackers have also learned that the most profitable method is to hit many small businesses with low ransom demands—usually $300 to $2,000. Even small businesses can generally afford to pay those amounts”. Ransomware reportedly has cost U.S. small to midsize businesses alone more than $75 billion in damages and payments, according to a September 2016 survey by data protection vendor Datto. Indeed, 31 percent of the Datto survey’s respondents said they had experienced multiple ransomware attacks within a single day, and a whopping 63 percent said these attacks led to downtime in their business operations, which could cost them as much as $8,500 per hour. And according to Symantec’s 2016 Internet Security Threat Report, 43 percent of last year’s phishing emails, the vast majority of which were laced with ransomware, targeted small businesses—up from 18 percent in 2011. New research indicates that consumers similarly are becoming more attractive ransomware targets. According to a recent study from IBM X-Force, which surveyed 600 business professionals and 1,000 consumers, 54 percent of consumers said they would pay a ransom to retrieve their financial data, and 55 percent of parents said they would pay to have digital photos returned.
With cybercriminals constantly upping their game in ransomware, small businesses and consumers have little choice but to remain vigilant and take “simple steps” to mitigate the risk of an attack, Palo Alto Networks’ Olson says. In addition to keeping systems up-to-date with security updates, and taking precautions before opening attachments or clicking on links, he recommends maintaining offline backups—or cloud-based backups outside your network—to recover potentially compromised files.
Over a third of British businesses (36 percent) are not very confident that efforts to completely eradicate a recent ransomware attack from work systems have been successful. The research, carried out by One Poll, quizzed 500 IT decision makers in companies with 250 or more employees across the UK to uncover the extent to which large British organisations are prepared for the threat of ransomware. The research also considered the proportion of businesses which have been targeted with a successful ransomware attack and the current impact of these attacks on corporate devices. 45 percent of large British businesses have fallen victim to a successful ransomware attack. Despite this, 11 percent of large organisations still do not have a formal ransomware policy in place. Although British businesses are increasingly threatened by this strain of malware, 38 percent of these unprepared businesses are not planning to implement a ransomware-focused policy in the next 12 months. Conversely, half of this group confirmed that firm plans are in place to put such a policy into practice in the next year. “Cybercriminals are continuing to exploit British businesses by launching ransomware attacks to remove access to mission-critical data or to make significant sums of money by demanding large ransoms for the safe return of such data. Despite this, many organisations have yet to take action and implement policies which will ensure the IT network is well prepared for a possible attack,” said Chris Mayers, chief security architect, Citrix. “By committing to robust cybersecurity techniques and ensuring specific policies are in place in case of an attack, companies can lessen the chances of falling prey to ransomware and creating any vulnerabilities for cyber-attackers to find”.
The poll also dug into the extent to which ransomware attacks have affected corporate devices and systems, revealing that IT often faces significant numbers of infected devices. On average, businesses reported that 47 devices had been infected by their most recent ransomware attack, but one third of businesses with over 1000 employees reported that more than 101 devices were affected. Among those organisations which had fallen victim to a ransomware attack, 31 percent saw 25 or fewer devices affected. “Falling prey to a ransomware campaign can have a devastating effect on a business, from the loss of highly sensitive corporate data to reduced revenues and a sharp decline in public trust. It’s worrying to see many businesses are concerned that ransomware may be lingering on the corporate network after mitigation efforts have taken place, particularly when it can spread across many different devices,” Chris Mayers added.
Imperva, Inc (IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced the results of a survey of 170 security professionals taken at RSA 2017, the world’s largest security conference, exploring their experiences with ransomware. Thirty-two percent of respondents said their company had been infected with ransomware, with 11 percent taking longer than a week to regain access to their systems after an attack. According to CNN, in 2016, the FBI estimated that ransomware would be a $1 billion a year crime. More than half (59 percent) of those surveyed said that the cost of downtime due to lack of access to systems for customers and employees was the biggest business impact of a ransomware attack. Twenty-nine percent said that if their company suffered a ransomware attack which resulted in downtime, they would be losing between $5,000 and $20,000 a day. Twenty-seven percent thought that the amount could be over $20,000 a day. “Whether companies choose to pay the extortion or not, the real cost of ransomware is downtime and lost productivity,” said Terry Ray, chief product strategist at Imperva. “Even if victims have backup files or are willing to pay the ransom, the cost associated with productivity downtime adds up quickly. What’s more, the availability of ransomware-as-a-service, combined with high profits for the attackers, means ransomware attacks are likely to escalate in 2017,” he added. “The interesting thing about ransomware is how simple it is to execute and how easy it is to inflict damage. Organizations tend to think of hacking as though it was rocket science which always puts them on the losing end. The reality is that hacking is most often simple, and mitigating it requires proper attention and tools which do exist and are within reach of most enterprises.
Hacking is a serious business and enterprises should, therefore, treat information security seriously,” Ray concluded.
A recent report suggests that India now ranks second in ransomware attacks. This does not come as a surprise to many, especially industry experts, considering that the country’s current state of digital security isn’t geared up to handle the emerging threats. It’s very likely that India will top the list soon, considering the rapid growth of ransomware. To compound it, the growth of the “Internet of Things” (IoT) industry and its vulnerability to cyber infections will further fuel new types of malware threats. We had reported earlier in our findings that over 180 Indian companies were victims of ransomware online extortion schemes in the first six months of the year 2016, causing a loss of a whopping $3 billion. However, the latest industry reports show a rather grim picture around ransomware: the findings indicate that businesses in India are most at risk to cyber security attacks globally, with organizations in the country experiencing the highest number of weekly security incidents of all Asian countries surveyed (14.8 per cent). At the heart of it, ransomware is a class of malware that’s designed for moneymaking with clear criminal intent. The puzzling part about ransomware is that, no matter what the situation is, even if the ransom is paid, there is no guarantee that computer users will be able to fully access their systems ever again. The criminal may flee with both the money and the files! While some hackers instruct victims to pay through Bitcoin, MoneyPak or other online methods, attackers could also demand credit card data, adding another level of financial loss altogether. Cryptolocker, Petya and Dogspectus are three of the major ransomware families making their presence felt strongly.
Just like kidnapping for ransom, it’s a virtual kidnapping of data where information is kept as a hostage and money is demanded in exchange for freeing the hostage. We all know how much damage a data breach can cause, monetarily as well as reputation-wise. Once a ransomware attack strikes, clicking on files yields no results. The malware has corrupted the files and converted them into foreign MP3 files or an encrypted RSA format. And then, the victim gets a note in a text file or HTML file: “Help_Decrypt_Your_Files”. In a majority of the cases, once ransomware enters a system, there is no way a user can remove it without losing some files or data, even if one pays the ransom. Of late, ransomware has even left behind advanced persistent threat (APT) network attacks to grab the numero uno spot in the list of deadliest cyber crimes. Ransomware is fast evolving in form and increasing in number as well, thereby making it more difficult to protect against. Each version has some properties that are unique to that version alone. This is scary because what it means is, if someone finds a solution to block or erase one version of a malware, that same solution may not work for the newer versions. However, a vast number of ransomware variants are still utilizing the same type of encryption technologies to infect systems. And what’s more, these encryption technologies are not just limited to common ones like Tor or I2P communication, but beyond
Cybercriminals have another easy-to-use ransomware kit to add to their arsenals, thanks to a new variant called Karmen that hackers can buy on the black market for $175. A Russian-speaking user called DevBitox has been advertising the ransomware in underground forums, security firm Recorded Future said in a blog post on Tuesday. Karmen is what experts call ransomware-as-a-service -- a particularly worrisome trend. Amateur hackers with little technical know-how can buy access to them, and in return, they’ll receive a whole suite of web-based tools to develop their own ransomware attacks. In Karmen's case, it offers an easy-to-use dashboard interface. Buyers can modify the ransomware, view what machines they've infected, and see how much they’ve earned. To spread ransomware, hackers will often rely on spam emails with an attachment or a link to a website that contains malicious coding. Once it infects a computer, the ransomware will then encrypt the files hosted inside. To release the files, victims will have to pay up, usually in bitcoin. DevBitox, one of the developers behind Karmen, has posted messages in various forums saying that Russian and English language versions of the ransomware-as-a-service are available. (Image caption: The dashboard to the Karmen ransomware-as-a-service.) So far, the hacker has sold 20 copies of Karmen, according to Recorded Future, which noted that the first infections of the ransomware variant occurred as early as December in Germany and the U.S. The $175 fee is a one-time upfront payment, said Andrei Barysevich, a director at Recorded Future. “This lowers the barrier for other criminals to carry out ransomware attacks, and allows buyers to retain 100 percent of payments from their infected victims,” he added. However, victims hit with the Karmen ransomware have recourse.
That’s because the malicious coding is derived from Hidden Tear, an open source ransomware project. Cybercriminals have been using Hidden Tear to build their own ransomware variants. However, security experts have been responding with free decryption tools designed to release computers of the infections. Michael Gillespie, a security researcher, has developed his own decryption key generator that can address ransomware built from Hidden Tear. He advises that victims contact him for help. Gillespie has also developed a site that can diagnose what kind of ransomware has infected a computer, and offers advice on how it might be fixed. No More Ransom is another site with free tools that can decrypt certain ransomware infections. Security experts also recommend that businesses make routine backups of their important systems, in the event of a ransomware attack.
Services are being restored to the St. Louis Public Library computer system after a ransomware attack last Thursday impacted access to machines and data at all 17 branches. Library management refused to pay the $35,000 demanded as ransom, and IT staff wiped affected servers and restored them from available backups. On Friday, the library was able to restart its circulation workflow, and patrons were able to check out books at all locations. By Saturday, checkout and returns systems were at 100 percent availability, and now only the library’s reserve system remains to be restored. That work began on Monday and is expected to be up and running shortly. Executive director Waller McGuire said the library immediately reached out to the FBI for help with the investigation, and it’s not clear where the infection began, nor how it spread throughout the library network. “The real victims of this criminal attack are the Library’s patrons. SLPL has worked hard to open a secure but widely available digital world to the people of St. Louis, and I am sorry it was interrupted,” McGuire said in a letter to library patrons published on Monday. “An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library, and we will make every effort to keep that world available to our patrons”. McGuire also said that patrons’ personal and financial information is not stored on its servers, and none of that data was impacted by the attack. “St. Louis Public Library has been working with the FBI to identify how criminals broke into our system and correct the problem,” McGuire said. “I apologize to patrons for any inconvenience this incident has caused: on most days thousands of St. Louis Public Library patrons check out materials and use computers for many purposes”. A request for additional comment from McGuire was not returned in time for publication.
It’s unknown which ransomware family was used to attack the library, nor how the infection started. McGuire said in his letter to patrons that criminals broke into the library network and installed malware. This runs contrary to most ransomware infections where the malware is spread in spam or phishing emails enticing the victim to open a malicious email attachment or click on a link in the message that downloads the malware. The St. Louis library is the latest in a growing list of high-profile businesses and public services falling victim to ransomware. Less than a year has passed since the Hollywood Presbyterian attack, in which a $17,000 ransom was paid, and the Kentucky Methodist Hospital attack, in which officials reportedly refused to pay. The University of Calgary also fell victim as have other colleges, universities, local law enforcement and government agencies, and entertainment organizations.
Two-thirds of police internet-connected CCTV cameras in Washington DC were forced offline in January ahead of the presidential inauguration after a ransomware attack. Officials told the Washington Post that 123 out of a network of 187 cameras were affected. The devices are apparently run by the police to monitor public spaces. The attack targeted 70% of the storage systems on which camera data is recorded, leaving them out of action from 12 to 15 January, the report claimed. However, the issue was resolved by removing each device’s software and reinstalling at each site. There are said to have been at least two forms of ransomware on the system, although local officials have played down the seriousness of the attack. The ransomware was isolated to the CCTV network and didn’t affect police investigations or put public safety in jeopardy, according to the report. In related news, police in Texas have lost nearly eight years’ worth of digital evidence after refusing to pay a ransomware fine. The Cockrell Hill Police Department in south Dallas decided after speaking to the FBI not to pay the near $4000 ransom after discovering the malware in mid-December. The ransomware was introduced to the network via a spam email spoofed to imitate a department-issued address. A statement published by WFAA last week has the following: “This virus affected all Microsoft Office Suite documents, such as Word documents and Excel files. In addition, all body camera video, some in-car video, some in-house surveillance video, and some photographs that were stored on the server were corrupted and were lost. No information contained in any of those documents, videos, or photographs was extracted or transmitted outside of the Police Department”.
The files affected date all the way back to 2009, although the police tried to play down the impact on investigations, claiming that hard copies of all documents and “the vast majority” of videos and photographs are still kept on CD/DVD. “It is unknown at this time how many total digital copies of documents were lost, as it is also unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small,” it noted.
A lot of things can go wrong on your holidays, like losing luggage or missing a flight, forgetting your travel documents or getting sick at the worst possible time. But have you ever been locked out of your hotel room because of a cyberattack? That’s just what happened to guests at a luxury hotel in Austria when they were left stranded outside of their rooms after a ransomware attack that overrode electronic key systems. This concept, which can be summed up as “if you don’t pay, your guests won’t be able to get into their rooms”, underscores a strategy shift in ransomware. Instead of attacking the hotel chain directly, cybercriminals are looking to increase profitability by compromising the well-being of paying customers. Infected computers and POS systems, credit card theft, access to confidential information… in the age of the Internet of Things and smart homes, these attacks are becoming commonplace or even antiquated. Clearly the attacks that this industry has been experiencing are not something casual or fleeting. Behind them lies a real economic interest and a preoccupation with stealthy operations. The hotel sector has become a major target for organized cybercriminals in possession of malware specifically designed to harm its smooth running, not only in payment systems, but also by sealing off access to your room, turning lights on and off, or locking your blinds. This is, undoubtedly, a worrisome situation that could cause significant harm not only on an economic level, but also a PR level, sowing fear among clientele.
Schools and colleges are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments. What makes the attacks unusual, however, is just how the attackers tricked users into clicking on the malware-infected attachments. As Action Fraud warns, confidence tricksters are phoning up schools and colleges pretending to be from the “Department of Education”. The fraudsters request the email or phone number of the institution’s head teacher or financial administrator, claiming they need to send guidance forms to the individual directly, as they contain sensitive information. The emails, however, have a .ZIP file attached, which often contains a boobytrapped Word document or Excel spreadsheet which initiates the ransomware infection. According to reports, up to £8,000 can be demanded for the safe decryption of files on the victims’ computers. That is, of course, money that few schools can afford to spend. Similar scams have posed as being from telecoms providers claiming to need to speak to the head teacher about “internet systems” or the Department of Work and Pensions. In all cases the chances of the attack succeeding are increased by the fact that it is prefaced by a phone call. We’re all very used to receiving suspicious emails in our inbox, but may be caught off guard if it is accompanied by an official-sounding phone call. Action Fraud’s warning indicates that there are considerable amounts of money to be made by online criminals through ransomware attacks. If there weren’t, they wouldn’t be prepared to go to such extreme efforts (such as making bogus phone calls) to increase the likelihood that their poisoned email attachments will be opened.
More money can typically be extorted from an organisation than an individual, with some corporations having paid out huge sums to blackmailers after having their data locked away through a ransomware attack.
KillDisk was one of the components associated with the Black Energy malware that a group of attackers used in December 2015 to hit several Ukrainian power stations, cutting power for thousands of people. A month before that, it was used against a major news agency in Ukraine. Since then, KillDisk has been used in other attacks, most recently against several targets from the shipping sector, according to security researchers from antivirus vendor ESET. However, the latest versions have evolved and now act like ransomware. Instead of wiping the data from the disk, the malware encrypts it and displays a message asking for 222 bitcoins to restore them. That's the equivalent of $216,000, an unusually large sum of money for a ransomware attack. What's even more interesting is that there's also a Linux variant of KillDisk that can infect both desktop and server systems, the ESET researchers said Thursday in a blog post. The encryption routine and algorithms are different between the Windows and the Linux versions, and on Linux, there's another catch: The encryption keys are neither saved locally nor sent to a command-and-control server, and the attackers can't actually get to them. “The cyber criminals behind this KillDisk variant cannot supply their victims with the decryption keys to recover their files, despite those victims paying the extremely large sum demanded by this ransomware,” the ESET researchers said. The good news is that there's a weakness in the encryption mechanism for the Linux version that makes it possible -- though difficult -- for the victim to recover the files. It's not clear why the KillDisk creators have added this encryption feature. It could be that they're achieving the same goal as in the past -- destruction of data -- but with the ransomware tactic there's also a small chance that they'll walk away with a large sum of money.
Researchers at security vendor Check Point have warned of a ransomware attack targeting HR departments. This attack is currently targeted at German-speaking companies and pretends to be a job application. Researchers say that the email comes with two attachments: a covering letter, which is a standard PDF, and an Excel file containing the GoldenEye variant of the Petya ransomware. According to the blog, when the user opens the Excel file: “It contains a picture of a flower with the word ‘Loading…’ underneath, and a text in German asking the victim to enable content so that the macros can run”. Once enabled, the macros begin encrypting the local user files before displaying the ransom note: “YOUR_FILES_ARE_ENCRYPTED.TXT”. The computer is then rebooted and GoldenEye begins encrypting the entire hard disk. Eventually the user is presented with a message telling them they are infected with the GoldenEye ransomware. They are asked to download the Tor Browser and pay a ransom of at least 1.3 Bitcoin (BTC). The surge in value for Bitcoin at the end of 2016 has driven the price up. As of today the price of a single Bitcoin is $1,148, meaning that unlocking the computer will cost the user almost $1,500. Interestingly, the researchers believe that the malware owner is trying to get around $1,000 per victim. This means that with the fluctuation in the price of BTC they will have to keep adjusting their ransom demands.
Democrats in Pennsylvania’s state Senate were locked out of their computer network early Friday morning due to a ransomware attack, NBC News reports. According to an unidentified state official who spoke with NBC, the Democratic senators in Harrisburg use their own computer network and “there is no indication that other state agencies of the Republicans have been affected”. As of about 5 p.m. Friday, both law enforcement agencies and Microsoft were working with the state Democrats to free their network. In a statement sent to reporters via text message and obtained by The Hill, state party officials said, “there is currently no indication that the caucus system was targeted or that any data has been compromised”. Recently, ransomware attacks have struck everywhere from hospitals and universities to San Francisco’s transit system. Last summer, the congressional IT desk warned representatives in Washington DC to be careful of potential ransomware and phishing threats, but the hacks on the DNC were unrelated. In many cases, the payment demanded is only in the tens of thousands of dollars, and occasionally ransomware can be spammed without a specific target, but the affected computer systems are encrypted and inaccessible until the hackers release a key. If a network’s data is backed up offsite, the target can occasionally circumvent the ransom altogether — albeit with some increased security. A spokesperson for the Pennsylvania Democrats declined to say to NBC News whether that was possible in this case, or whether the attackers had revealed any motives.