had become more common.
'The risk is going to increase'
Ransomware is software that locks computer systems and then demands a ransom to unlock the data. Oxford University Hospitals NHS Foundation Trust (OUH) repelled five ransomware attacks in 2016.
"That is something a number of hospitals have seen and is potentially quite worrying," said Dr Chris Bunch from OUH. He added: "Across the health service we are still to a very large extent paper-based ... and as we move increasingly towards digital records the risk is going to increase."
Leeds Teaching Hospitals NHS Trust reported four ransomware attacks in 2016, and University Hospitals Bristol NHS Foundation Trust and Kings College Hospital NHS Foundation Trust sustained three ransomware attacks each last year.
No patient data was lost in any of the attacks on the trusts and a spokesperson for Kings College Hospitals Trust said it had a cyber security response plan that it continually reviewed and monitored.
Oliver Farnan, from the Oxford Cyber Security Centre, said it was hard to know if enough money was being spent on security in the NHS. "Money is only really spent on security once everything else is up and running and in place ... it always comes second," he said.
But David Emm, principal security researcher at internet security firm Kaspersky Lab, said basic steps such as backing up data could make a difference. "Ransomware is a very blunt instrument, if you have a back-up of data then you are not in a position where people can extort money in that way," he said.
However, Mr Emm said public bodies faced specific challenges, and added that money was an issue. "They have lots of people accessing the systems, there is lots of data moving in and out of the organisation, that does actually make it harder to secure that information," he said.
NHS Digital said it had established CareCERT, which issues notices about the national threat level and publishes advice on good practice. It said its launch in October 2015 has contributed to the increase in the reporting of cyber attacks, and that more than 100 organisations had received on-site assessments to improve security.
A ransomware threat called SLocker, which accounted for one-fifth of Android malware attacks in 2015, is back with a vengeance, according to security firm Wandera.
SLocker encrypts images, documents and videos on Android devices and demands a ransom to decrypt the files. Once the malware is executed, it runs in the background of a user's device without their knowledge or consent. Once it has encrypted files on the phone, the malware hijacks the device, blocking the user's access, and attempts to intimidate them into paying a ransom to unlock it.
Last year, security company Bitdefender said that ransomware was the largest malware risk to Android users in the second half of 2015, with SLocker accounting for 22 per cent of Android malware threats in the UK in that period. The malware also topped the ransomware charts in Germany and Australia, and Bitdefender claimed that 44 per cent of Android users it asked had already paid out a ransom in order to regain access to their devices.
The malware continued to cause problems and, in mid-2016, its attacks were estimated to have resulted in tens of millions of dollars in ransoms paid. Weeks after the initial wave of attacks, security companies patched the issue for their enterprise customers, devices were updated and the threat disappeared. That is until now.
Mobile security firm Wandera said that its mobile intelligence engine MI:RIAM had detected more than 400 variants of the same malware. It said that these strains were targeting businesses' mobile fleets through easily accessible third-party app stores and websites where security checks are not as rigorous as they ought to be. According to Wandera, the variants have been redesigned and repackaged to avoid all known detection techniques.
"They utilise a wide variety of disguises including altered icons, package names, resources and executable files in order to evade signature-based detection," the company said. Third-party app stores and unknown vendors should be avoided by Android users, while corporate administrators should be wary of SLocker returning and put in place security measures to monitor devices accordingly.
There are plenty of examples of why organizations need to update technology and apply patches. The RIG exploit kit is taking advantage of outdated versions of applications such as Flash, Internet Explorer, or Microsoft Edge to distribute the Cerber ransomware, researchers said.
The attack leverages malicious domains to launch drive-by attacks against unsuspecting visitors and preys on their failure to update applications in a timely manner, said Andra Zaharia, a security evangelist at Heimdal Security, in a blog post. As long as they use outdated browsers or plugins that contain known vulnerabilities, they are likely to end up infected with malware. Only outdated versions of Flash Player, Silverlight, Internet Explorer and Microsoft Edge are the focus of the attack, Zaharia said.
RIG exploits one of eight vulnerabilities, including CVE-2015-8651 (CVSS Score: 9.1), CVE-2015-5122 (CVSS Score: 10, affects nearly 100 Flash versions), CVE-2016-4117 (CVSS Score: 10), CVE-2016-1019 (CVSS Score: 10), CVE-2016-7200 and CVE-2016-7201 (both CVSS Score: 7.6, affecting Microsoft Edge), CVE-2016-3298 (CVSS Score: 3.6, affects Internet Explorer versions 9, 10, 11), and CVE-2016-0034 (CVSS Score: 9.3).
After compromising a user's computer, the exploit kit proceeds to download and install the Cerber ransomware, one of the most prolific threats last year. The malware encrypts a user's files and demands a ransom for the decryption key.
Zaharia said the one thing users must do to ensure increased protection is to keep their software updated at all times. Applying security updates in a timely manner is at the heart of prevention when it comes to exploit kit attacks.
Cybercriminals who specialize in ransomware, which affects thousands of computers and mobile devices every year, are ramping up their attacks against businesses. It is here that they can get their hands on valuable information and large sums of cash. This particular kind of malware, which hijacks devices and demands a ransom for their return, has managed to conquer another kind of technology: smart TVs.
Last December, the American developer Darren Cauthon announced on Twitter that a family member's television had fallen victim to one of these attacks. The television in question was an LG model that came out in 2014 that is compatible with Google TV, a version of Android tailored to televisions. Once it had infiltrated the device, the malicious software demanded a ransom of $500 to unlock the screen, which simulated a warning from the Department of Justice.
pic.twitter.com/kNz9T1kA0p — Darren Cauthon (@darrencauthon) December 25, 2016
The appearance of the false message would lead you to believe that it's a version of the ransomware known as Cyber.police, also known as FLocker. Ordinarily this ransomware affects smartphones with Google's operating system. After hijacking the device, the malware collects information from the user and the system, including contact information and the location of the device, to be sent encrypted to cybercriminals.
Last month, we received a few queries asking about a strain of ransomware going by the name of Satan. Those queries were along the lines of, "What do you detect it as?" The simple answer is Troj/Ransom-ECZ, which is what we replied back then, but there's a backstory to the Satan malware family that we thought was worth covering, too.
Cybercriminals have long used themes like the devil, the occult and what you might rather loosely call "the dark arts" as inspiration for malware names: Dark Avenger, Necropolis, Mydoom, Natas (which is Satan backwards) and SatanBug are just a few examples. But there's one aspect of the Satan ransomware that isn't old-school, and that's what we're looking at in this article: its business model.
In its own words, the malware part of Satan is simply explained: Satan is a ransomware, a malicious software that once opened in a Windows system, encrypts all the files, and demands a ransom for the decryption tools.
Satan has brazenly copied the business model of many legitimate online services such as iTunes and eBay: joining up is free, but you pay-as-you-go on a percentage basis when you put business through the site. The Satan service claims to:
The service (we'll use that word without quotation marks, but you may infer them if you wish) even supports optional two-factor authentication based on a public-private key pair, just like SSH, and a CAPTCHA to make automatic mass signups more difficult. Once you have a login, you can begin to generate ransomware samples, tailored to your own price point.
You can choose an initial ransom, starting at BTC 0.1 (about $125 on 2017-03-07), the number of days you want to keep the price at its starting point, and a "ramp up" factor by which the ransom will increase after the initial period.
Once you've created a sample, you can not only download it to start attacking potential victims, but also generate a series of supporting files that will help you to use it in an attack. That way, the files you publish online for your victims to download won't look obviously like Windows programs (EXE files). Of course, once you have scrambled your ransomware files, you can't just send the files or links to your victims and expect them to work, because the files will arrive in scrambled form and won't run.
The Satan service helps you over that step, too, by creating either an HTML page or a Microsoft Word macro to do the job of downloading, unscrambling and auto-launching the decoded malware. You then convert the HTML into CHM (compiled HTML) format or embed the generated Word macro into a Word document, thus creating a malware downloader file you can send as an email attachment and entice your victim to open it.
If you do manage to infect a prospective victim, they'll be instructed to pay the ransom you specified, but into a bitcoin wallet operated by the crooks. You're then expected to trust the crooks to be honest about all the payments they receive, and to cough up 70% of every ransom payment into a bitcoin address you supply them.
We shouldn't have to say this, but the answer is dead simple: DON'T. Deliberately sending out malware in the hope of infecting victims is illegal in most jurisdictions; actually infecting them just makes a bad thing worse; and demanding money with menaces after infecting them is worse still. If you try this and get caught, don't expect too much sympathy from the court