by April 7. The gang calls themselves the "Turkish Crime Family," and they're demanding $75,000 in Bitcoin or Ethereum cryptocurrency. In a bizarre twist, they're also willing to accept $100,000 in iTunes gift cards as an alternative form of payment, despite the obvious concern that Apple would easily be able to track this. In return, the hacker group would delete their entire collection of compromising data. According to Motherboard, a hacker has been quoted as saying: "I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing." Apparently, one of the hackers shared screenshots of emails exchanged between the group and Apple, and then gave Motherboard's Joseph Cox access to the email account as proof. The hackers claim to have over 300 million Apple email accounts, including ones with @icloud and @me domains. Later on, though, another hacker from the group claimed that they actually have 559 million accounts. The only other proof they provided was a YouTube video of the hackers allegedly logging into an elderly woman's stolen iCloud account to view backed-up photos, then wiping her device, but this video has since been removed. Lending to the credibility of the hackers' claims, though, Apple is stated to have asked the hacker group to remove the video from YouTube: "We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law." Cox also states that he read other emails in their account, and that it appeared the hackers have tried to approach many different media outlets to get more attention, possibly to help their extortion efforts.
Now, we don't know how true the Turkish Crime Family's claims are, but this is a good time to remind you to frequently change your passwords. Make them strong and unique, people! No names, birthdays, 123s, or whatnot.
Infamous Necurs botnet seen sending spam emails containing new ransomware to millions of potential victims in just a few hours. A new form of ransomware is indiscriminately targeting millions of PCs, spread by the prolific botnet behind one of the most successful forms of ransomware in the world. The new ransomware is called Jaff and given that it appears to be heavily mimicking tactics of the infamous Locky - the most successful ransomware family of 2016 - it has the potential to become a major nuisance. It's also brazen in its ransom demands, demanding victims pay 1.79 Bitcoins - currently $3,300 - in order to regain access to the infected network and encrypted files. It's an ambitious ransom - most forms of ransomware want a payment of between $500 and $1000 - but the authors are likely to be aware that many organisations are willing to give in and pay to avoid losing business-critical files. As noted by cybersecurity researchers at Forcepoint, the Jaff campaign sprang to life on May 11, using the Necurs botnet to send millions of spam emails to targets across the globe in the space of just a few hours. The malicious email itself is sent with a subject line referring to a receipt or to a fake document, with the pattern involving the words PDF, Scan, File, Copy or Document followed by an underscore and a string of at least four numbers - for example, one subject line seen by researchers was 'Copy_293636'. Attached to this email is a PDF document containing an embedded DOCM file and a malicious Macro script. If this is run, the ransomware payload is executed and Jaff targets and encrypts a wide variety of file extensions, renaming them all to end in .jaff.
While the attack might seem basic - especially compared with targeted spear-phishing attacks - the sheer number of messages sent out means that even if just a tiny percentage of targets open the email, download the attachment and enable the macros, this new ransomware could have a sizeable impact. As with other ransomware attacks, the infected victim sees their desktop changed to a ransom note and they're directed to instructions, telling them their files are encrypted and that they must visit a dark web address in order to pay to get their files back. It's this, combined with how the ransomware is spread by Necurs, which leads researchers to suggest that there's a connection between Jaff and Locky: the Jaff decryptor website and the Locky decryptor website look almost identical. Researchers also note that while the code behind Jaff is less sophisticated than Locky, it carries one major similarity - the ransomware will delete itself from the infected machine if the local language is Russian. If the ransomware does not want to target Russian users this might suggest it originates from Russia and the developers don't want to cause trouble in their own neighbourhood. While researchers can't say for certain if Jaff is definitively linked to the gang behind Locky, those behind it have the funding and skills required to carry out a sophisticated campaign. "What is clear, given the volume of messages sent, is that the actors behind the campaign have expended significant resources on making such a grand entrance," said Forcepoint researchers.
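The subject-line pattern and PDF carrier described above can be turned into a simple mail-triage check. This is an added example, not code from the article or from Forcepoint; case-insensitive matching, anchoring to the whole subject, the three verdict names and the sample messages are assumptions made here.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject pattern as the article describes it: one of five words, an
# underscore, then four or more digits. Case-insensitive matching and
# anchoring to the whole subject are assumptions of this example.
JAFF_SUBJECT = re.compile(
    r"^\s*(?:PDF|Scan|File|Copy|Document)_\d{4,}\s*$", re.IGNORECASE
)


def has_pdf_attachment(msg):
    """True if any MIME part is a PDF by content type or by file name."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            return True
    return False


def triage(raw_message):
    """Return 'quarantine', 'review' or 'pass' for one raw e-mail message."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject_hit = bool(JAFF_SUBJECT.match(str(msg.get("Subject", ""))))
    if subject_hit and has_pdf_attachment(msg):
        return "quarantine"  # lure subject together with the PDF carrier
    if subject_hit:
        return "review"      # subject alone is a weak signal
    return "pass"


def build_sample(subject, attach_pdf):
    """Constructed test message; addresses and file name are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached document.")
    if attach_pdf:
        m.add_attachment(b"%PDF-1.4 constructed placeholder",
                         maintype="application", subtype="pdf",
                         filename="nm.pdf")
    return m.as_string()


if __name__ == "__main__":
    # Constructed samples: (subject, has PDF attachment)
    for subject, pdf in [("Copy_293636", True), ("Document_5512", False),
                         ("Scan_123", True), ("Quarterly report", True)]:
        print(f"{subject!r:20} pdf={pdf!s:5} -> {triage(build_sample(subject, pdf))}")
```

A subject match on its own is kept at "review" because short names such as Scan_0001 are also produced by legitimate scanners and document tools.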
Researchers found they were able to infect robots with ransomware; in the real world, such attacks could be highly damaging to businesses if robotic security isn't addressed. Ransomware has long been a headache for PC and smartphone users, but in the future, it could be robots that stop working unless a ransom is paid. Researchers at security company IOActive have shown how they managed to hack the humanoid NAO robot made by Softbank and infect one with custom-built ransomware. The researchers said the same attack would work on the Pepper robot too. After the infection, the robot is shown insulting its audience and demanding to be 'fed' bitcoin cryptocurrency in order to restore systems back to normal. While a tiny robot making threats might initially seem amusing -- if a little creepy -- the proof-of-concept attack demonstrates the risks associated with a lack of security in robots and how organisations that employ robots could suddenly see parts of their business grind to a halt should they become a victim of ransomware. "In order to get a business owner to pay a ransom to a hacker, you could make robots stop working. And, because the robots are directly tied to production and services, when they stop working they'll cause a financial problem for the owner, losing money every second they're not working," Cesar Cerrudo, CTO at IOActive Labs, told ZDNet. Taking what was learned in previous studies into the security vulnerabilities of robots, researchers were able to inject and run code in Pepper and NAO robots and take complete control of the systems, giving them the option to shut the robot down or modify its actions. The researchers said it was possible for an attacker with access to the Wi-Fi network the robot is running on to inject malicious code into the machine.
"The attack can come from a computer or other device that is connected to internet, so a computer gets hacked, and from there, the robot can be hacked since it's in the same network as the hacked computer," said Cerrudo, who conducted the research alongside Lucas Apa, Senior Security Consultant at IOActive. Unlike computers, robots don't yet store vast amounts of valuable information that the user might be willing to pay a ransom to retrieve. But, as companies often don't have backups to restore systems from, if a robot becomes infected with ransomware, it's almost impossible for the user to restore it to normal by themselves. If the alternative for a victim of robot ransomware is waiting for a technician to come to fix the robot -- or even losing access to it for weeks if it needs to be returned to the manufacturer -- a business owner might view giving into the ransom demand as a lesser evil. "If it's one robot then it could take less time, but if there are dozens or more, every second they aren't working, the business is losing money. Keeping this in mind, shipping lots of robots takes a lot of time, so the financial impact is bigger when you have a computer compromised with ransomware," said Cerrudo. While the robot ransomware infections have been done for the purposes of research -- and presented at the 2018 Kaspersky Security Analyst Summit in Cancun, Mexico -- IOActive warn that if security in robotics isn't properly addressed now, there could be big risks in the near future. "While we don't see robots every day, they're going mainstream soon, businesses worldwide are deploying robots for different services. If we don't start making robots secure now, if more get out there which are easily hacked, there are very serious consequences," said Cerrudo.
As with security vulnerabilities in the Internet of Things and other products, the solution to this issue is for robotics manufacturers to think about cybersecurity at every step of the manufacturing process from day one. IOActive informed Softbank about the research in January but Cerrudo said: "We don't know if they [Softbank] are going to fix the issues and when, or even if they can fix the issues with the current design." Responding to the IOActive research, a Softbank spokesperson told ZDNet: "We will continue to improve our security measures on Pepper, so we can counter any risks we may face."
Files that were scrambled in a ransomware attack on Hāwera High School in Taranaki included school assessments that students had only partly completed as well as backups, principal Rachel Williams has confirmed. More help is on the way for schools battling ransomware and other malware, but it has come a little late for the school which is being held to ransom for US$5000 by hackers. N4L, the Crown-owned company that manages the provision of broadband to schools, said it would improve online security as part of a wider upgrade of its managed network that is due to be completed by October next year. The 2450 schools and 800,000 students on the network will get a new security solution supplied by Californian company Fortinet which would provide "more robust protection against online threats, such as phishing and ransomware", it said in a statement issued on Monday. Ironically, that was the same day that staff at Hāwera High School switched on their computers to discover the message demanding US$5000 (NZ$7352) in bitcoin for the return of encrypted data on a server containing students' work and teaching resources. Hāwera High School is connected to ultrafast broadband via N4L, but N4L chief executive Larrie Moore said the school had opted out of N4L's existing security solution and was instead using an alternative commercial offering. "We've been in touch with the school and their IT company to offer our support," he said. "Until we know how the school's network was compromised, we are unable to say whether the new Fortinet solution would have prevented it," he said. But Moore said there was no "silver bullet" for malware. Instead, technological protections needed to be used in combination with "continuous education around good digital citizenship", he said.
Williams said many of its students and teachers had backed up their files in the cloud and were not affected by the ransomware attack, but backups stored on servers at the school were also encrypted by the hackers. "We have been working today on getting a clearer audit of student and staff work and where we are at. Some students are really not affected at all because they have saved their work on their cloud-based system. "If students were part-way through an assessment, some of those are the ones that are encrypted and we can't access those at the moment." The school was working with NZQA to make sure those students were not disadvantaged, she said. Others had backups of their work at home, she said. Williams was not sure how the malware had arrived at the school, saying that was still being investigated. The Government is not believed to have any rules on whether state-funded organisations such as schools can pay ransoms, but in 2017 it issued advice against it and Williams said the school would follow police advice not to pay. While the incident had been annoying, "you see people's character come through and we've seen real resilience from our staff and students", Williams said. "It is not stopping us doing what we need to do." N4L said its technology upgrade would be the first major refresh of its network since it began connecting schools with ultrafast broadband at the end of 2013. Its existing security system had blocked more than 118,000 viruses and malware threats so far during this school year, it said.
A Warwick company’s managing director is warning other businesses to protect themselves from cyber criminals after being held to ransom. Kettell Video Productions was targeted by tech scammers who infected its IT systems with viruses before demanding £1,000 in online currency Bitcoins or the files would be permanently deleted. Luckily, owner Stuart Kettell routinely backs up all his company’s systems so nothing was lost but he warned others to do the same to avoid disaster. “It was scary: I had no idea about cyber-attacks before and really didn’t know what to do,” he said. “Critical files, including images and videos for clients, were wiped out along with a lifetime of personal memories. “The affected files were lost for good – the only way to recover them was with the key code held by the blackmailer – but luckily I back-up everything to an external data cartridge. “In the end it was more an inconvenience… but it could have threatened the business. “I would strongly urge all business owners to back-up their essential files.” Mr Kettell acted quickly when he realised the audio-visual specialists in Arlescote Close were under attack by the web sharks in December, 2015. “I noticed all my photos, videos and pdf files ghosting to white with a new filename… it attacked my desktop first then it wormed its way into folders one file at a time every few seconds,” he said. “I’ve no idea how the malware was introduced as we use software that’s designed to prevent against such attacks. “And the demand for payment seemed very professional: I was given links where I could buy Bitcoins and even offered the chance to decrypt one file for free. “I unplugged my computer, isolated it from the internet, and ran some anti-malware software to stop the virus spreading further.”
Latest figures from the Crime Survey for England & Wales estimated there were 1.3m computer virus offences and 667,000 hacking related offences committed in the year ending September 2016. Sergeant Gary Sirrell from the cybercrime team at West Midlands Regional Organised Crime Unit said commercial web attacks are increasingly being committed against smaller firms and not big multi-nationals. “Small and medium sized companies are easier targets: they often don’t have the resources or expertise to protect against cyberattacks,” he said. “And if they are targeted, the impact can be devastating. “But there are steps business owners can take to mitigate the risk. “A really effective tactic involves ‘layering’ defences to include a firewall, anti-malware software, staff training (and regular re-training) around phishing email awareness, and finally to plug any holes in your defences by updating software patches and updates in a timely manner. “By exercising good cyber hygiene, and having a strong backup policy, Stuart avoided the dilemma of whether to see his business significantly damaged, or to have to hand over a ransom to organised crime gangs to get his data unlocked. “If more businesses in the West Midlands proactively took such steps there would be significantly fewer crime victims.”
The 'WannaCrypt' ransomware has been a worldwide dilemma, impacting many countries. Luckily, the malware only impacts older versions of Microsoft's operating system -- Windows 10 is not vulnerable. Also immune to WannaCrypt are macOS and Linux distributions. Unfortunately, many people run older versions of Windows, but Microsoft has been very active in issuing patches for them -- including for the now-unsupported XP. Patches aside, security software can protect vulnerable computers too. In fact, today, Symantec announces that it has successfully blocked almost 22 million WannaCrypt attacks. The company even leveraged machine learning in its fight against the ransomware. The company explains that it "blocked nearly 22 million WannaCry infection attempts across 300,000 endpoints, providing full protection for Symantec customers through its advanced exploit protection technology. The WannaCry ransomware attacks targeted and affected users in various countries across the globe by encrypting data files on infected computers and demanding users pay a $300 USD ransom in bitcoin to decrypt their files. The protection of Symantec customers was enabled in part due to the integration of real-time threat intelligence shared across both Symantec Endpoint Protection and the Blue Coat ProxySG, which provided real-time threat awareness across the endpoint, network and cloud." Mike Fey, president and chief operating officer at Symantec explains, "The WannaCry ransomware attack is the largest we've ever seen of its kind and we're pleased to share that Symantec customers benefited from multiple layers of protection even before it happened, through innovations and new capabilities in our Integrated Cyber Defense Platform.
Our proactive network protection and advanced machine learning technologies provided real-time, zero-day, protection for all SEP and Norton customers when WannaCry was released last week. And, our Global Intelligence Network automatically shares WannaCry intelligence between Symantec endpoint, email and Blue Coat network products, providing full protection across all control points, including the cloud." While Symantec's announcement highlights the importance of security software for both home and business users, it shouldn't distract from the fact that it is also imperative to apply operating system updates in a timely manner. Also important is using supported software. Yes, Microsoft patched the unsupported Windows XP, but that OS should really not even be in use anymore.
Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. First spotted on Dec. 27 by Victor Gevers, an ethical hacker and founder of GDI Foundation, attacks in the past two months shot up from 200 to near 50,000. The first of these ransom attacks against insecure databases traces back to a hacker identified as Harak1r1, who Gevers said was responsible for compromising open MongoDB installations, deleting their contents, and leaving behind a ransom note demanding 0.2 BTC (about $220 at the time). After that, escalation of attacks against open MongoDB installations happened fast, jumping from hundreds one week, to 2,000 the next, and 10,000 the following week. At last count more than 56,000 open MongoDB databases alone are ripe for attack, according to the most recent numbers available from GDI Foundation. But that doesn’t include a slew of new databases now being targeted by cybercriminals. Security researchers at Rapid7 estimate that 50 percent of the 56,000 vulnerable MongoDB servers have been ransomed. In a typical ransomware attack, an attacker compromises a computer via malware or Trojan and encrypts local data that can only be unlocked with an encryption key obtained for a price. That spurred a maturing of ransomware used against more sophisticated healthcare, government and educational targets with similar phishing, malware and Trojan techniques. However, experts say, both have acted as the stepping stones to this type of data hijacking. With data hijacking, attackers compromise insecure database installations, copy data, then delete the contents and leave behind a ransom note in the form of a directory name demanding a ransom be paid via Bitcoin.
Rapid7 has already seen additional databases such as Redis, Kibana and other SQL databases targeted in its honeypots. Josh Gomez, senior security researcher with security firm Anomali, said that, moving forward, attacks will be less random, more targeted and seek high-value repositories with weak protection.