US$5000 from a provincial high school to return course work they are holding for ransom. Hāwera High School staff in South Taranaki switched on their computers on Monday to discover a message demanding payment for the return of encrypted data on a server containing students' work and teaching resources, principal Rachel Williams said. The hack did not affect student and staff records, but the entire school network was taken offline as a precaution. The only devices being used at the school are running off their own data or a hotspot from a mobile phone, she said. Forensics experts from the police, the Ministry of Education and the school's network provider were all working to find the source of the intrusion.
A new form of ransomware has emerged which is, unusually, being distributed by two separate exploit kits (one of which was thought to have disappeared) and demands payment in a lesser-known form of cryptocurrency. First seen on January 26, GandCrab has been spotted being distributed by two exploit kits, RIG EK and GrandSoft EK. According to researchers at security company Malwarebytes, it's unusual in itself for ransomware to be pushed using an exploit kit, with such tactics usually reserved for trojans and coin-miners. An exploit kit is used by cybercriminals to take advantage of vulnerabilities in systems in order to distribute malware and perform other malicious activities. In contrast, ransomware is usually delivered by spam email. The only other form of ransomware known to be consistently distributed with an exploit kit is Magniber. GandCrab is distributed via the RIG exploit kit, which uses vulnerabilities in Internet Explorer and Flash Player to launch JavaScript, Flash and VBScript-based attacks to distribute malware to users. It's possible that RIG spreads GandCrab to victims using malvertising on compromised websites, in an attack method similar to that used by Princess ransomware. GandCrab is also distributed using GrandSoft, an exploit kit which first appeared in 2012 but was thought to have disappeared. The GrandSoft EK takes advantage of a vulnerability in the Java Runtime Environment which allows attackers to remotely execute code, and in this case is used to distribute GandCrab. Once the payload has been dropped and run on a compromised system, GandCrab, for the most part, acts like any other form of ransomware, encrypting Windows files using an RSA algorithm and demanding payment for the 'GandCrab Decryptor' required to unlock the files. The encrypted files gain a .GDCB extension, and the encryption loop is designed so that it will eventually affect every file on the drive.
However, unlike many forms of ransomware, GandCrab doesn't demand payment in bitcoin, but rather in a form of cryptocurrency called Dash. Those behind the ransomware demand 1.5 Dash (listed on the note as $1,200, although the fluctuating prices mean it's ever changing) as a ransom, a price which doubles to three Dash ($2,400) if the ransom isn't paid within a few days. The demand for payment in Dash represents the latest example of ransomware distributors attempting to move away from bitcoin and onto other cryptocurrency, for reasons ranging from increased privacy and security to other forms of blockchain-based virtual currency being less popular than bitcoin and therefore quicker to process. There's currently no means of decrypting GandCrab ransomware files for free, meaning the best way to avoid falling victim is to ensure all software updates and patches have been applied, so that the vulnerabilities exploited by the exploit kits can't be used to distribute ransomware from infected sites.
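A detection-side illustration of the behaviour described above (every file renamed with a .GDCB suffix in a tight loop), added here as an example and not code from the article or from Malwarebytes; the log format and the sample events are constructed, and the burst rule is generalised to any single extension appended to many files in a short window so that it also flags families whose extension is not listed:

```python
"""Burst detector for ransomware-style renames. Added example; not code from
the article or from Malwarebytes. The log format is constructed for this
example: "<ISO timestamp> RENAME <old path> -> <new path>", one event per line."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extension the article names: GandCrab appends .GDCB to every file it encrypts.
KNOWN_RANSOM_EXTS = {".gdcb"}

# Constructed sample: five GandCrab-style renames in three seconds, then two
# ordinary renames later in the day.
SAMPLE_LOG = r"""2018-01-29T09:00:01 RENAME C:\Users\a\report.docx -> C:\Users\a\report.docx.GDCB
2018-01-29T09:00:01 RENAME C:\Users\a\budget.xlsx -> C:\Users\a\budget.xlsx.GDCB
2018-01-29T09:00:02 RENAME C:\Users\a\photo.jpg -> C:\Users\a\photo.jpg.GDCB
2018-01-29T09:00:02 RENAME C:\Users\a\notes.txt -> C:\Users\a\notes.txt.GDCB
2018-01-29T09:00:03 RENAME C:\Users\a\slides.pptx -> C:\Users\a\slides.pptx.GDCB
2018-01-29T09:15:00 RENAME C:\Users\a\draft.txt -> C:\Users\a\final.txt
2018-01-29T09:20:00 RENAME C:\Temp\build.tmp -> C:\Temp\build.log
"""

LINE_RE = re.compile(r"^(\S+) RENAME (.+?) -> (.+)$")


def extension_of(path):
    """Lower-cased final extension of the last path component ('' if none)."""
    name = re.split(r"[\\/]", path)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def parse(line):
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def detect_bursts(log_text, threshold=5, window=timedelta(seconds=10)):
    """Return alerts as (kind, ext, iso_timestamp, count).

    'known_ext': first rename that appends an extension from KNOWN_RANSOM_EXTS.
    'burst':     `threshold` renames to one new extension inside `window`,
                 which also catches families whose extension is not listed.
    """
    per_ext = defaultdict(deque)
    seen_known = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, old, new = rec
        ext = extension_of(new)
        if not ext or ext == extension_of(old):
            continue  # extension unchanged: an ordinary rename, not encryption
        if ext in KNOWN_RANSOM_EXTS and ext not in seen_known:
            seen_known.add(ext)
            alerts.append(("known_ext", ext, ts.isoformat(), 1))
        q = per_ext[ext]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append(("burst", ext, ts.isoformat(), len(q)))
            q.clear()  # report once per burst, then start counting again
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(*alert)
```

On the sample log this reports the first .GDCB sighting and then a single burst alert once five such renames fall inside the ten-second window; the two benign renames produce nothing.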
A malicious website initially set up to extort visitors to pay a cryptocurrency ransom has changed its course. Instead of demanding payment via Bitcoin, Ethereum, Bitcoin Cash or Litecoin in exchange for not leaking your password on the internet, the site now hijacks your computer’s processing power to mine cryptocurrency in the background. Designed as a copy of the Have I Been Pwned attack, the site began by asking users to enter their emails to see if their password has been compromised. Unfortunately, if your password was breached, the site demanded a “donation” of $10 by cryptocurrency to not publish your password in plain text on the web. Up to 1.4 billion passwords may have been breached, but it’s unclear how accurate that figure is. However, because it may be easier (and safer) to change your password than pay the ransom, as The Next Web noted, the site shifted its focus from demanding ransomware payments to taking over your PC’s processing power to mine for cryptocurrency in the background. The publication also confirmed that the malicious site did “have a database with legitimate passwords,” but that not all compromised passwords were stored in plain text. The Next Web did not reveal the site’s address in its report, citing security reasons, but noted that it doesn’t appear that any user had made payment. This is the latest ransomware in recent months that demands cryptocurrency as a form of payment. Prior to this incident, Thanatos encrypted files on a user’s PC by hijacking it using a brute force method. If you wanted to regain access to those files, you had to send payment via cryptocurrency to get a key to decrypt your files. However, at the time, there didn’t appear to be a proper decryption key even if you paid.
According to a recent Google report, extortionists made out with $25 million in just two years, and cryptocurrency was the preferred way to get paid. Hackers are also changing the game when it comes to data theft. Rather than leaking the information to the dark markets, an IBM X-Force Intelligence Index report revealed that hackers prefer to hold files hostage in exchange for a ransom payment.
Two Iranian men already indicted in New Jersey in connection with a broad cybercrime and extortion scheme targeting government agencies, cities and businesses now face new federal charges in Georgia related to a ransomware attack that caused havoc for the city of Atlanta earlier this year. A federal grand jury in Atlanta returned an indictment Tuesday accusing Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri of violating the Computer Fraud and Abuse Act, federal prosecutors said in a news release Wednesday. The New Jersey indictment against the pair was filed last month on broad conspiracy charges that included the Atlanta cyberattack. Byung “BJay” Pak, the U.S. attorney in Atlanta, said in a news release that the Atlanta indictment was sought in coordination with the earlier indictment and seeks to ensure that “those responsible for the attacks face justice here as well.” The Atlanta indictment accuses the two men of launching a ransomware attack against Atlanta that encrypted vital city computer systems. The attack significantly disrupted city operations and caused millions of dollars in losses, prosecutors said. The Department of Justice has said the two men remain fugitives and are believed to be in Iran, though they are not believed to be connected to the Iranian government. No attorney was listed for either man in online court records. In the Atlanta attack, a ransomware known as SamSam was used to infect about 3,789 computers belonging to the city, prosecutors said. The ransomware encrypted the files on the computers and showed a ransom note demanding payment for a decryption key. The note demanded 0.8 bitcoin per affected computer or six bitcoin to decrypt all affected computers. Atlanta Mayor Keisha Lance Bottoms said in the days after the ransomware attack that the ransom demand was equivalent to $51,000.
The ransom note provided a bitcoin address to pay the ransom and a website accessible only on the dark web, where it said the city could retrieve the decryption key, prosecutors said. The decryption key became inaccessible shortly after the attack, and the city didn’t pay the ransom, prosecutors said. The New Jersey indictment filed Nov. 27 accuses the two men of creating the SamSam ransomware and says it was used to encrypt the computers of more than 200 victims, including government agencies, cities and businesses. Among the other victims are the city of Newark, New Jersey, the Colorado Department of Transportation, the Port of San Diego and six health care companies across the U.S., according to the Justice Department. The New Jersey charges include conspiracy to commit wire fraud and conspiracy to commit fraud and related activity in connection with computers. The overall scheme allowed the hackers to make about $6 million and caused the victims to lose more than $30 million, prosecutors said.
In the wake of a weekend cyber attack, ECMC officials say the hospital’s IT staff discovered the virus and shut down the hospital’s computer network before it could infect their files. ECMC spokesman Peter Cutler said State Police and the FBI are investigating. “We do know that a virus was launched into our system and the good news, again, is that we reacted to it immediately.” With the medical center’s computer network still offline, ECMC is conducting business the old-fashioned way, on paper—no website, no email—and Cutler says they don’t believe patient files were compromised in any way. “Through the assessments that we have been running, we have seen no indication that there has been a compromise of patient health information.” Investigators would not say how hackers attacked ECMC’s computers, but authorities in the field of cyber security say this attempted intrusion has all the hallmarks of ransomware. University at Buffalo cyber security expert Arun Vishwanath says ransomware attacks have grown exponentially in the last two years, and likens them to Internet extortion. “They are very successful, and so that is why we are seeing an exponential growth in ransomware attacks. We are talking about somewhere between 5,000 attacks per day that are reported–let alone the ones that are not even reported.” Vishwanath says ransomware attacks are big-reward, low-risk ventures, since the hackers are usually from other countries and rarely get caught. Unwitting victims download an infected attachment from an email and the virus spreads quickly. “The moment you click on the malware, this malware basically locks down your computer, and all the files in it, and any file that is connected to any other computer that you are connected to. So this can spread through your network in minutes.” The hacker then demands the target pay a ransom to get their files unencrypted, and in just about every ransomware attack the hackers cover their tracks by demanding payment in bitcoin–a virtual currency that is hard, if not impossible, to trace. Once the ransom is paid, the hackers send their victim an electronic key to unlock their encrypted files, but if the payment is not made within a certain time frame the hacked files are lost forever.
New variants of an Android ransomware family have surged over the past six months to some 600 unique versions. That's a dramatic jump from the 100 variants created between October and the start of December, says Michael Covington, vice president of product strategy for Wandera, which published new data on the ransomware today. The new strains of the mobile ransomware use a range of disguises to avoid detection. The SLocker variations are repackaged with altered icons, for example, or carry unique resources and executable files. SLocker encrypts images, documents and videos, and blocks access to the device before demanding payment to unlock the phone and its contents. Chief security officers and their teams have reason to worry about the rapid rise in the number of SLocker strains, say security experts. The malware has morphed beyond just locking users' screens on their Android devices and demanding payment, to taking over administrative rights and controlling the device, including its microphone, speakers and camera. Bogdan Botezatu, senior e-threat analyst with Bitdefender, says an Android smartphone infected with SLocker could potentially broadcast highly sensitive information presented during a closed-door boardroom meeting without the user's knowledge, for example. Wandera's Covington points to potential risks to sales and consulting staff, for example. “In a lot of situations where the employees work out in the field like in sales or consulting, it can have a massive impact on their business if they are locked out of their phone and data,” he explains. Victim organizations paid an estimated $10 million in ransom to unlock confidential data stored on Android phones that fell victim to SLocker, according to Wandera's report.
Android ransomware first emerged in 2014, after creators of the Reveton/IcePol ransomware for PCs turned their attention to Android devices and cooked up Android.Trojan.Koler.A and then later Android.Trojan.SLocker, according to Bitdefender's Botezatu. For the first two years, SLocker was among the top 20 Android malware families and then shot up to the top 10 in 2016, notes Botezatu. “Its rise to the top 10 was mostly because of the frustration factor. It's a psychological thing when people can't get information from their smartphone,” he says. “People were willing to pay the ransom. The mobile device is more personal than the personal computer.” But now SLocker ranks in the No. 14 to No. 18 spot among the top 20 Android malware families, as cyberthieves create new types of Android malware and enlarge the pool of contenders and dilute SLocker's influence, Botezatu says.
Check Point’s mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer employee who had unknowingly downloaded and installed Charger. The early detection enabled them to quickly disclose the findings to Android’s Security team, which added the malware to Android’s built-in protection mechanisms before it began to spread, ensuring only a handful of devices were infected. Unlike most malware found on Google Play, which contains a dropper that later downloads the real malicious components to the device, Charger uses a heavy packing approach. This makes it harder for the malware to stay hidden. Charger’s developers compensated for this using a variety of techniques to boost its evasion capabilities so it could stay hidden on Google Play for as long as possible. These included: The ransom demand is for 0.2 Bitcoins, or roughly $180, and is much higher than what has been seen in previous mobile ransomware attacks. By comparison, the DataLust ransomware demanded merely $15; the difference could be an indicator of a wider effort by mobile malware developers to catch up with their PC ransomware cousins. Similar to other malware seen in the past, Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia or Belarus. This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries.
Imagine turning on your smartphone to send a text and finding this threatening notice instead: “You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc. We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.” This is the message, word for word, found recently by Oren Koriat and Andrey Polkovnichenko, a pair of mobile cybersecurity analysts at Check Point, a security firm in California. The smartphone on which it appeared was an Android model that had been compromised by smartphone ransomware. Ransomware has become a ubiquitous threat to personal-computer users. Criminals remotely access a victim's computer and lock all the files using encryption software, offering to unlock the data in exchange for a payment. The first ransomware attack on a phone occurred in 2013, according to the Check Point researchers, but until now has been confined to small numbers of victims, primarily in Eastern Europe. Now, the company says, the threat has gained a toehold in the United States. Koriat and Polkovnichenko found the software, which they dubbed Charger, embedded in an app called Energy Rescue, which purports to make a phone battery last longer. “The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions,” the company said in a statement.
“If granted, the ransomware locks the device and displays a message demanding payment.” The payment demanded was 0.2 bitcoin, or about $180 at the current exchange rate. (The phone was being used for business and didn't contain much personal data; the owner chose to replace the phone rather than pay.) The most disturbing part of the attack might be that the app was downloaded from the Google Play store. Android phones can use apps from other sources, but security experts usually recommend that users stick to the Play store to take advantage of the processes Google uses to check the software for safety. “The main issue here is the fact that such a severe threat managed to penetrate Google's security and enter Google Play, Google's official app store,” says Daniel Padon, another member of Check Point's research team. “Most malware that manages to enter Google Play has only slim malicious traits, while Charger is about as malicious as can be. As mobile ransomware try to keep the pace with their cousins in the PC world, we are likely to see more efforts of this sort, endangering users around the world.” Padon added that this malware was particularly sophisticated, using a number of innovative tactics to evade detection by Google. Google commended the security firm for catching the Charger threat so early. “We appreciate Check Point’s efforts to raise awareness about this issue,” a Google spokesperson says. “We’ve taken the appropriate actions in Play and will continue to work closely with the research community to help keep Android users safe.” Ransomware attacks on mobile phones are still relatively rare. One well-known case involved users of pornography apps in Eastern Europe who were targeted by ransomware called DataLust, Check Point says. In those cases, the ransom was set at 1,000 rubles, or about $15.
There's evidence that Charger, too, comes from Eastern Europe—beyond the clichéd bad grammar of the ransom note. “This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries.” Ransomware attacks are joining a growing list of threats to mobile phone security