by a ransomware attackAttack.Ransomthat has locked senators and employees out of their computer network since the early morning hours of Friday , state officials told NBC News . In a statement , Sen. Jay Costa , the Democratic leader , said the Democrats were working with law enforcement agencies and Microsoft to resolve the problem . He did not say what payment has been demandedAttack.Ransomto unlock the data , or whether the attackers had suggested any political motive . In a ransomware attackAttack.Ransom, hackers inject a network with malware that typically encrypts important data , and then demand paymentAttack.Ransomin exchange for a key that releases the data . They threaten to destroy the data if they are n't paidAttack.Ransom. The Democratic senators in the state capital of Harrisburg are on their own computer network and there is no indication that other state agencies of the Republicans have been affected , said a state official who declined to be identified . The official said the Democrats had no idea whether they were targeted for any specific reason . A spokeswoman for the FBI was looking into whether that agency had been called in . A spokeswoman for the Pennsylvania Democrats , Stacey Witalec , declined to say whether the data was backed up elsewhere or whether the attackers had identified themselves or any motive .
Robert Gren was working from home on Friday when , all of a sudden , his laptop stopped working . What he initially thought was just a kink in his computer ’ s software was in fact part of a global ransomware attackAttack.Ransomthat has affected more than 200,000 computers and caused untold havoc from China to Britain . Now , Mr. Gren and the thousands of other victims worldwide face an agonizing choice : either hand over the ransomAttack.Ransom— a figure that has climbed to $ 600 for each affected machine — by a deadline this Friday , or potentially lose their digital information , including personal photos , hospital patient records and other priceless data , forever . “ I ’ m pretty devastated , ” said Mr. Gren , 32 , a manager of an online entertainment business in Krakow , Poland , who has spent almost all of his waking hours since Friday looking for ways to reclaim his digital data . “ I ’ ve lost private files that I have no other way of recovering . For me , the damage has been huge. ” That decision has become even more difficult as cybersecurity experts and law enforcement officials have repeatedly warned people against paying the ransomAttack.Ransomahead of this week ’ s deadline . Aside from dissuading victims from handing over moneyAttack.Ransomthat may help fund further such attacks , they caution that it is not guaranteed the attackers will return control of people ’ s computers even if they payAttack.Ransomthe assailants in bitcoin , a digital currency favored in such ransomware attacksAttack.Ransomthat can be difficult to trace . Officials also note that the attackers , who have yet to been named , have provided only three bitcoin addresses — similar to a traditional bank routing number — for all global victims to deposit the ransomAttack.Ransom, so it may prove difficult to know who has paid the digital feesAttack.Ransom. This haphazard planning has led many victims to hold off payingAttack.Ransom, at least until they can guarantee they will get their data back . So far , roughly $ 80,000 has been depositedAttack.Ransominto the bitcoin addresses linked to the attackAttack.Ransom, according to Elliptic , a company that tracks online financial transactions involving virtual currencies . F-Secure , a Finnish cybersecurity firm , has confirmed that some of the 200 individuals that it had identified , who had paid the ransomAttack.Ransom, had successfully had their files decrypted . Yet that represented a small fraction of those affected , and the company said it still remained unlikely that people would regain control of their computers if they paid the online feeAttack.Ransom. The tally of ransom paymentsAttack.Ransommay rise ahead of Friday ’ s deadline , but cybersecurity experts say the current numbers — both total ransom money paidAttack.Ransomand machines decrypted — are far short of early estimates forecasting that the digital attack may eventually cost victims hundreds of millions of dollars in combined ransom feesAttack.Ransom. “ I predict this may be an epic failure , ” said Kim Peretti , a former senior litigator in the Department of Justice ’ s computer crime and intellectual property division who now is co-chairwoman of the cybersecurity preparedness and response team at Alston & Bird , an international law firm . “ Because of the publicity of this attack and the public ’ s awareness of people potentially not getting their files back , the figures aren ’ t as high as people had first thought. ” For victims of such attacks , the potential loss of personal or business files can be traumatic . In typical ransomware cases , including the most recent hack , assailants sendAttack.Phishingan encrypted email to potential targets . The message includes a malware attachment that takes over their machines if opened . The attackers then demand paymentAttack.Ransombefore returning control of the computers , often through money paid into bitcoin or other largely untraceable online currencies .
A new form of ransomware has emerged which is , unusually , being distributed by two separate exploit kits -- one of which was thought to have disappeared -- and demands paymentAttack.Ransomin a lesser-known form of cryptocurrency . First seen on January 26 , GandCrab has been spotted being distributed by two exploit kits , RIG EK and GrandSoft EK . According to researchers at security company Malwarebytes , it 's unusual in itself for ransomware to be pushed using an exploit kit , with such tactics usually reserved for trojans and coin-miners . An exploit kit is used by cybercriminals to take advantage of vulnerabilities in systems in order to distribute malware and perform other malicious activities . In contrast , ransomware is usually delivered by spam email . The only other form of ransomware known to be consistently distributed with an exploit kit is Magniber . GandCrab is distributed via the RIG exploit kit , which uses vulnerabilities in Internet Explorer and Flash Player to launch JavaScript , Flash , and VBscript-based attacks to distribute malware to users . It 's possible that RIG spreads GandCrab to victims using malvertising on compromised websites , in an attack method similar to that used by Princess ransomware . GandCrab is also distributed using GrandSoft , an exploit kit which first appeared in 2012 , but was thought to have disappeared . The GrandSoft EK takes advantage of a vulnerability in the Java Runtime Environment which allows attackers to remotely execute code , and in this case is used to distribute GandCrab . Once the payload has been dropped and run on a compromised system , GandCrab , for the most part , acts like any other form of ransomware , encrypting Windows files using an RSA algorithm and demanding paymentAttack.Ransomfor the 'GandCrab Decryptor ' required to unlock the files . The encrypted files gain a .GDCB extension , with the encryption loop designed in such a way it will eventually affect every file on the drive . However , unlike many forms of ransomware , GandCrab does n't demand paymentAttack.Ransomin bitcoin , but rather in a form of cryptocurrency called Dash . Those behind the ransomware demandAttack.Ransom1.5 Dash ( listed on the note as $ 1,200 , although the fluctuating prices mean it 's ever changing ) as a ransomAttack.Ransom, a price which doubles to three Dash ( $ 2,400 ) if the price is n't paidAttack.Ransomwithin a few days . The demandAttack.Ransomfor payment in Dash represents the latest example of ransomware distributors attempting to move away from bitcoin and onto other cryptocurrency , for reasons ranging from increased privacy and security to other forms of blockchain-based virtual currency being less popular than bitcoin and therefore quicker to process . There 's currently no means of decrypting GandCrab ransomware files for free at this time , meaning the best way to avoid falling victim is to ensure all software updates and patches have been appliedVulnerability-related.PatchVulnerabilityto ensure the vulnerabilities exploitedVulnerability-related.DiscoverVulnerabilityby the exploit kits ca n't be used to distribute ransomware from infected sites .
Cybersecurity experts and companies on Long Island are looking for ways to shore up the weakest link on company computer networks : the employee . Local cybersecurity professionals are creating interactive comic books , testing employees with simulated phishing emails — tailored messages that seek to obtain key information , such as passwords — and seeking to convince top executives that the threat of business disruption from hacking requires their attention . “ The biggest problem is not the technology ; it ’ s the people , ” said Laurin Buchanan , principal investigator at Secure Decisions , a division of Northport software developer Applied Visions Inc. Sixty percent of cyber-assaults on businesses can be traced to insiders ’ actions , either inadvertent or malicious , according to a 2016 study by IBM Security . The average cost of a data breachAttack.Databreachfor U.S. companies is $ 7.4 million , or $ 225 per lost or stolen record , a June 2017 study by IBM and the Ponemon Institute , a Traverse City , Michigan , researcher , found . Costs related to data breachesAttack.Databreachcan include the investigation , legal costs to defend against and settle class-action lawsuits , credit monitoring for affected customers , and coverage of fraud losses . Harder to gauge is the cost to a company ’ s reputation . One of the largest hacksAttack.Databreachever was disclosed this month , when credit reporting company Equifax Inc. revealed that sensitive data from 143 million consumers , including Social Security numbers and birth dates , was exposedAttack.Databreach. A stock analyst from Stifel Financial Corp. estimated that the attack will cost Equifax about $ 300 million in direct expenses . Investors seem to think the incident will have a much greater impact on At a seminar in Garden City this month , Henry Prince , chief security officer at Shellproof Security in Greenvale , explained how in a ransomware attackAttack.Ransom— one of many types — cybercriminals can buy specialized tools such as those used to sendAttack.Phishingphishing emails . The easy availability of that software means that hackers require “ no programming experience , ” Prince said . Phishing emails can be blocked by company email filters , firewalls and anti-virus software . But if one gets throughAttack.Phishingand an employee clicks on the link in the phishing email , the business ’ network is compromised . Hackers can then encrypt files , preventing access to them by the company and crippling the business , Prince said at the seminar . Hackers then can demand paymentAttack.Ransom, typically in an untraceable cryptocurrency like Bitcoin — a digital asset that uses encryption — before agreeing to decrypt the files . “ Ransomware is a business to these people , ” Prince said . “ Ninety-nine percent of the time , ransomware requires user interaction to infect. ” Della Ragione echoed that sentiment : “ The greatest risk at a company is the employees . Training employees is one of the best steps in shoring up your defenses. ” In response , many local experts and companies focus on teaching employees how to resist hackers ’ tricks . Secure Decisions has developed interactive comics to teach employees ways of detecting “ phishing ” emails and other hacking attempts . The company has gotten more than $ 1 million for research related to the interactive comic project , known as Comic-BEE , from the Department of Homeland Security , as well as a grant for $ 162,262 from the National Science Foundation . The comics , inspired by children ’ s “ Choose Your Own Adventure ” books , feature different plots depending on the reader ’ s choices . “ If you can give people the opportunity to role-play , some of the exhortations by the experts will make more sense , ” Buchanan said . The comics are being field-tested at several companies and Stony Brook University . They were featured in July at a DHS cybersecurity workshop in Washington , D.C. Radu Sion , a computer science professor at Stony Brook and director of its National Security Institute , which studies how to secure digital communications , acknowledged that security is far from a priority for most users . “ Ultimately , the average Joe doesn ’ t care , ” he said . “ You [ should ] treat the vast majority of your users as easily hackable. ” Northwell Health , the New Hyde Park-based health care system that is the largest private employer in New York State , is trying to find and get the attention of those inattentive employees . Kathy Hughes , Northwell vice president and chief information security officer , sends out “ phishing simulations ” to the workforce . The emails are designed to mimicAttack.Phishinga real phishing campaignAttack.Phishingthat seeks passwords and personal information . In April , for instance , Northwell sent outAttack.Phishingphishing emails with a tax theme . Hughes collects reports on which employees take the baitAttack.Phishingby user , department and job function . “ We present them with a teachable moment , ” she said . “ We point out things in the email that they should have looked at more carefully. ” The emails are supplemented with newsletters , screen savers and digital signage reminding users that hackers are lurking . Another tool : Non-Northwell emails have an “ external ” notation in the subject line , making it harder for outsiders to pretend to beAttack.Phishinga colleague . “ We let [ the employees ] know that they are part of the security team , ” she said . “ Everybody has a responsibility for security. ” One of the most important constituencies for security is top executives . Drew Walker , a cybersecurity expert at Vector Solutions in Tampa , Florida , said many executives would rather not know about vulnerabilities to their computer systems , because knowledge of a hole makes them legally vulnerable and casts them in a bad light . “ Nine times out of 10 , they don ’ t want to hear it , ” he said . “ It makes them look bad. ” Richard Frankel , a former FBI special agent who is of counsel at Ruskin Moscou , said that company tests of cybersecurity readiness often snare CEOs who weren ’ t paying attention to training . But attorney Della Ragione said high-profile attacks are getting notice from executives . “ Everyone ’ s consciousness is being raised , ” she said . Data leaksAttack.Databreachat Long Island companies have caused executives to heighten security . In 2014 , Farmingdale-based supermarket chain Uncle Giuseppe ’ s Marketplace said that foreign hackers had breachedAttack.Databreachthe credit card database of three stores . Joseph Neglia , director of information technology at Uncle Giuseppe ’ s , said that after the data breachAttack.Databreach, which affected about 100 customers , the company began scheduling “ monthly vulnerability scans ” and upgraded its monitoring and security systems . For businesses , Stony Brook ’ s Sion said , the cybersecurity threat is real and immediate . “ I need one second with your machine to compromise it forever and ever , ” he said . “ It ’ s an uphill battle . ”
The city has spent the past two weeks restoring online services disruptedAttack.Ransomby ransomware that held encrypted data hostage . Soon after Atlanta City Auditor Amanda Noble logged onto her work computer the morning of March 22 , she knew something was wrong . The icons on her desktop looked different—in some cases replaced with black rectangles—and she noticed many of the files on her desktop had been renamed with “ weapologize ” or “ imsorry ” extensions . Noble called the city ’ s chief information security officer to report the problem and left a message . Next , she called the help desk and was put on hold for a while . “ At that point , I realized that I wasn ’ t the only one in the office with computer problems , ” Noble says . Those computer problems were part of a high-profile “ransomware” cyberattackAttack.Ransomon the City of Atlanta that has lasted nearly two weeks and has yet to be fully resolved . During that time the metropolis has struggled to recover encrypted data on employees ’ computers and restore services on the municipal Web site . The criminals initially gave the city seven days to payAttack.Ransomabout $ 51,000 in the cryptocurrency bitcoin to get the decryption key for their data . That deadline came and went last week , yet several services remain offline , suggesting the city likely did not pay the ransomAttack.Ransom. City officials would not comment on the matter when contacted by Scientific American . The Department of Watershed Management , for example , still can not accept online or telephone payments for water and sewage bills , nor can the Department of Finance issue business licenses through its Web page . The Atlanta Municipal Court has been unable to process ticket payments either online or in person due to the outage and has had to reschedule some of its hearings . The city took down two of its online services voluntarily as a security precaution : the Hartsfield–Jackson Atlanta International Airport wi-fi network and the ability to process service requests via the city ’ s 311 Web site portal , according to Anne Torres , Atlanta ’ s director of communications . Both are now back online , with airport wi-fi restored Tuesday morning . The ransomware used to attack Atlanta is called SamSam . Like most malicious software it typically enters computer networks through software whose security protections have not been updated . When attackers findVulnerability-related.DiscoverVulnerabilityvulnerabilities in a network , they use the ransomware to encrypt files there and demand paymentAttack.Ransomto unlock them . Earlier this year attackers used a derivative of SamSam to lock up files at Hancock Regional Hospital in Greenfield , Ind . The health care institution paidAttack.Ransomnearly $ 50,000 to retrieve patient data . “ The SamSam ransomware used to attackAttack.RansomAtlanta is interesting because it gets into a network and spreads to multiple computers before locking them up , ” says Jake Williams , founder of computer security firm Rendition Infosec . “ The victim then has greater incentive to pay a larger ransomAttack.Ransomin order to regain control of that network of locked computers. ” The city ’ s technology department—Atlanta Information Management ( AIM ) —contacted local law enforcement , along with the FBI , Department of Homeland Security , Secret Service and independent forensic experts to help assess the damage and investigate the attack . The attackers set upAttack.Ransoman online payment portal for the city but soon took the site offline after a local television station published a screen shot of the ransom note , which included a link to the bitcoin wallet meant to collect the ransomAttack.Ransom. Several clues indicate Atlanta likely did not payAttack.Ransomthe attackers , Williams says . “ Ransomware gangs typically cut off communications once their victims get law enforcement involved , ” he says . “ Atlanta made it clear at a press conference soon after the malware was detected ” that they had done so . The length of time it has taken to slowly bring services back online also suggests the cyber criminals abandoned Atlanta without decrypting the city ’ s files , Williams says . “ If that ’ s the case , the city ’ s IT staff spent the past week rebuilding Atlanta ’ s online systems using backed-up data that had not been hitAttack.Ransomby the ransomware , ” he says , adding that any data not backed up is likely “ lost for good. ” “ If the city had paid the ransomAttack.Ransom, I would have expected them to bring up systems more quickly than they have done , ” says Justin Cappos , a professor of computer science and engineering at New York University ’ s Tandon School of Engineering . “ Assuming the city did not pay the ransomAttack.Ransom, their ability to recover their systems at all shows that they at least did a good job backing up their data . ”
Officials in Madison County say a ransomware attackAttack.Ransomhas left the county struggling to conduct business . County Commissioner Brent Mendenhall tells the Post Register in a story on Wednesday county employees have been unable to send emails since Sunday . Madison County Clerk Kim Muir says the county is using backup data from Saturday to issue paychecks Thursday . The objective of ransomware is to cut off a user 's access to computer systems and then demand paymentAttack.Ransomto return that access . Mendenhall and Muir say they have no intention of paying the ransomAttack.Ransomand have n't looked to see how much is being demandedAttack.Ransom. Mendenhall credited county workers for backing up data , meaning the system can be restored without paying the ransomAttack.Ransom.
Locky ransomware attacksAttack.Ransomhave dramatically decreased during December 2016 , according to Check Point . Locky , which uses massive spam campaigns as a major distribution vector , only surfaced in 2016 but has rapidly become one of the most popular tools for cybercriminals , part of a growing trend for ransomware cyberattacksAttack.Ransomthat encrypt data on the target machine and demand paymentAttack.Ransomin return for decrypting it . In December , researchers recorded an 81 % drop in the average number of Locky infections per week , compared with the weekly averages of October and November causing it to drop out of the top 10 global malware families for the first time since June 2016 . Overall , they tracked an 8 % decrease in the number of recognized malware attacks on organizations in December , which could be attributed to a Christmas holiday slowdown . Research also revealed the most prevalent mobile malware during December 2016 , and once again attacks against Android devices significantly more common than iOS .