that hit municipal systems on Thursday. As employees walked into city hall for work, they were handed a printed notice telling them to not use their computers until they were cleared by the municipal IT group, the Atlanta Journal Constitution reported. At a news conference Friday afternoon, Atlanta chief operating officer Richard Cox said that the WiFi at Hartsfield–Jackson Atlanta International Airport had been disabled out of "an abundance of caution." The city is still working on mitigating the ransomware and Mayor Keisha Lance Bottoms did not answer questions from reporters as to whether the attack had ended. "What we want to make sure of is that we aren’t putting a Band-Aid on a gaping wound. We want to make sure that we take the appropriate steps," she said. Atlanta doesn’t know who is behind the attack, the mayor said. The good news is that while “this is a massive inconvenience to the city, it is not life and death,” she said. Police, fire and other vital services are still fully functional, Cox said. The attack hit early Thursday morning. Bottoms has repeatedly told employees they should monitor their bank accounts because city officials don’t yet know what information was compromised in the attack. "Let's just assume that if your personal information is housed by the City of Atlanta, whether it be because you are a customer who goes online and pays your bills or any employee or even a retiree, we don't know the extent, so we just ask that you be vigilant," Bottoms said. The ransomware is affecting applications that customers use to pay bills and access court-related information among other things, Bottoms said. The attackers demanded the equivalent of $51,000 in digital currency to unlock the system. The city is working with the FBI and local law enforcement to investigate the attack, Cox said.
While it has been a difficult two days, Atlanta will in the end prevail, he said. "The city was around before computers were around," said Cox. "We’ll rise from the ashes," he added.
Three months on from the global WannaCry cyberattack, someone has withdrawn funds acquired when victims paid ransoms. Almost three months on from the WannaCry ransomware outbreak, those behind the global cyberattack have finally cashed out their ransom payments. The WannaCry epidemic hit organisations around the world in May, with the file-encrypting malware -- which used a leaked NSA exploit -- attacking Windows systems. It infected over 300,000 PCs, crippling systems across the Americas, Europe, Russia, and China. The UK's National Health Service was particularly badly hit by the attack, with hospitals and doctor's surgeries knocked offline, and some services not restored until days after the ransomware hit. WannaCry continued to claim victims even after the initial outbreak: June saw Honda forced to shut down a factory due to an infection, and speed cameras in Victoria, Australia also fell victim to the ransomware. While the attack was certainly high profile, mistakes in the code meant many victims of WannaCry were able to successfully unlock systems without giving in to the demands of hackers. A bot tracking ransom payments says only 338 victims paid the $300 bitcoin ransom demand - not exactly a large haul for an attack which infected hundreds of thousands of computers. In the months since the attack, the bitcoin wallets containing the money extorted by WannaCry were left untouched, but August 3 saw them suddenly start to be emptied. At the time of withdrawal, the value of the wallets totalled $140,000 thanks to changes in the valuation of bitcoin.
Three separate withdrawals between 7.3 bitcoin ($20,055) and 9.67 bitcoin ($26,435) were made in the space of a minute at 4:10am BST, accounting for around half of the total value of the extorted funds. Five minutes later, three more withdrawals of between seven bitcoin ($19.318) and 10 bitcoin ($27,514) were made in the space of another 60 seconds. Ten minutes later, a final withdrawal was made, emptying the remaining bitcoin from the WannaCry wallets. There's no official confirmation of who carried out the attack, but both private cybersecurity firms and investigating government agencies have pointed to North Korea as the culprit. A month after WannaCry, companies around the world found themselves being hit by another fast-spreading cyberattack in the form of Petya, which like WannaCry is still causing issues for some of those affected. Unfortunately, the success of WannaCry and Petya infection rates means many cybercriminal groups are attempting to copy the worm-like features of these viruses for their own ends.
And that approach probably works out just fine from a law enforcement organization’s perspective. However, from the viewpoint of a private citizen whose entire database has been held hostage by vicious hackers, not paying a ransom is hardly an option. According to the FBI’s own statistics, ransomware attacks are spreading like a virus in the US alone, with a spike as alarming as $209 million in damages in the first three months of 2016. When you look at it, the reasons behind the spread of ransomware are quite easy to understand. The malicious code can be acquired by anyone with an internet connection for as little as a hundred dollars on the Deep Web, the psychological pressure over losing one’s important data almost always ends up in a successful heist, and the current law enforcement system can and does do very little to prevent the situation from going out of control. That, however, is not to say that law enforcement isn’t concerned. In a news report released in April 2016, the FBI expressed its direct concerns over the unchallenged growth of ransomware attacks and urged any victims to not give in to the demand for ransom unless all other options are exhausted. Unfortunately, however, as is the case with most ransomware attacks, the stakes of losing years’ worth of important data are always quite high and the ransom demanded usually very small, leading most victims to give in to the attackers’ demands before even reaching out to law enforcement. For starters, though, let’s try and have a look at what ransomware is, and what differentiates it from other types of malicious code. The most common form of ransomware is one that infiltrates your network, gains access to your data and encrypts it using advanced algorithms to prevent you from accessing your own files.
An aggressive amount of money, generally in Bitcoin, is then demanded by the perpetrator in exchange for the key that decrypts the data that has been hijacked. There are, of course, several other types of ransomware, such as the kind that blocks access to the entire operating system or the kind that attaches itself to a partition of the computer’s hard drive. Most ransomware comes with some sort of encryption key that is used to unlock the stolen data files once the ransom is paid, though there is absolutely no guarantee that the perpetrator will keep their end of the bargain once money is transferred. The majority of ransomware attacks come with a set of identifying characteristics, such as the use of malicious code that can spread throughout the network and the blocking of access to important data in the victim’s servers in a variety of creative ways, including the scrambling of file names and adding different extensions to prevent them from being accessed. Ransomware attacks also feature a time limit to add an element of psychological pressure against the victim, after which the data in concern is either stolen or deleted from the victim’s servers permanently. Attackers these days almost always ask for payment in Bitcoin, as the cryptocurrency is incredibly difficult to track as far as payments go. The concern over ransomware lies not in individual cases but the number of cases reported each year, which makes it the most popular cyber-infiltration scenario in current times. According to the Cyber Threat Alliance (CTA), the damages caused by CryptoWall 3, a particular type of ransomware, hit $325 million in 2015 alone. As per statistics produced by the Federal Bureau of Investigation, in the first few months of 2016, a single variant of ransomware infected as many as 100,000 computers each day.
In March of 2016, the number of computers infected by ransomware technology hit the absolute upper ceiling for the year, reports Symantec. While the cases, when considered individually, may not amount to much, the number of incidents reported worldwide in any given year is clearly a matter of global concern.
Ransomware authors are profiting from the rise of the cryptocurrency -- but it's also bringing some unexpected problems for them and other dark web operators. The value of bitcoin has soared in recent days: at one point the cryptocurrency was worth almost $19,000 before it dropped back to around $16,500, where it has roughly remained since. It's almost impossible to predict what will happen next. The price of bitcoin could rise again or it could crash -- but, for now at least, a single unit of the cryptocurrency is worth a significant amount of money. Bitcoin has become the popular payment method for ransomware over the last two years, as the digital currency provides cybercriminals with a means of collecting ransoms, while also making it difficult to get the ransom-collectors' identities, thanks to the level of anonymity it offers. WannaCry, the biggest ransomware event of the year, for example, hit hundreds of thousands of PCs around the globe, encrypting files and demanding a payment of $300 in bitcoin for the safe return of what was stored on the machine. In this instance, the ransomware code itself was poorly written and the vast majority of victims were able to restore their systems without giving in to the demands of the cyber-attackers. However, by the time those behind WannaCry had withdrawn funds from the associated Bitcoin wallets -- a full three months after the attack -- the 338 payments victims had made were worth around $140,000, which was an increase in value of just under $50,000 compared to when the majority of payments were made. If those behind WannaCry have held onto their illicit investment, they could now be sitting on over $1m of bitcoin. But the sudden spike in bitcoin could actually be problematic for some cybercriminals.
Before the surge in value, 1 or 0.5 bitcoin was a common ransom demand, with the idea that if the fee was low enough -- back then the ransom value worked out at a few hundred dollars -- this would encourage the victim to pay up. Even as the value of bitcoin steadily rose during the summer, some attackers were still using the standard amounts of cryptocurrency as their ransom demand. For example, Magniber ransomware demanded a payment of 0.2 bitcoin ($1,138 in mid-October), rising to 0.4 bitcoin ($2,275 in mid-October) if the payment wasn't received within five days. Two months later, 0.2 bitcoin is currently worth $3,312 while 0.4 bitcoin is up to $6,625. Many forms of ransomware already ask for the payment of a specified amount of dollars to be made in bitcoin. While it pins hopes on victims being able to buy a specific amount of bitcoin and successfully transfer the payment -- which some criminal gangs get around by manning help desks providing advice on buying cryptocurrency -- it's more likely to result in the victim paying up, especially if the figure is just a few hundred dollars. "I imagine the volatility of bitcoin pricing has been an unexpected problem for cybercriminals. The average ransom demand has remained somewhere between $300 to $1000, and normally the ransom note will specify a USD amount," Andy Norton, director of threat intelligence at Lastline, told ZDNet. It isn't just ransomware distributors who might be faced with the problem of valuing items in pure bitcoin: a Dark Web vendor -- whether they are selling malware, weapons, drugs, or any other illegal item -- might find that setting their price in pure bitcoin will quickly result in them pricing themselves out of the market.
With bitcoin prices continuing to rise, sophisticated cybercriminal operators can likely react to it, altering prices on a day-to-day basis to ensure that they're able to sustain their business. Criminals are trying out alternative pricing models for ransomware already. Some criminals already operate around the idea that they charge victims just enough so that they don't see the ransom as too much to pay -- and that often depends on the country the victims are in. The Fatboy ransomware payment scheme charges victims in poorer countries less than those in richer ones. Meanwhile, those behind Scarab ransomware have started asking victims to suggest a payment amount for receiving the encryption key for their files.
The White House has publicly blamed North Korea for a ransomware attack in May that locked more than 300,000 computers in 150 countries. "North Korea has acted especially badly, largely unchecked, for more than a decade," Homeland Security adviser Tom Bossert said at a White House briefing Tuesday morning. He called the WannaCry attack a reckless attack that caused "havoc and destruction" by locking vital information away from users, including hospital networks. "We believe now we have the evidence to support this assertion," Bossert said. "It's very difficult to do when you're looking for individual hackers. In this case, we found a concerted effort." In an opinion piece published in The Wall Street Journal on Monday, Bossert wrote that after careful investigation, Washington can say that Pyongyang is "directly responsible" for the WannaCry virus. Bossert called the attack in which victims received ransom demands to unlock their computers "cowardly, costly and careless." "The consequences and repercussions of WannaCry were beyond economic," he wrote. "The malicious software hit computers in the U.K.'s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk." Bossert is expected to brief reporters on Tuesday about the hacking. NPR's Elise Hu tells Morning Edition that "cyberattacks are a way for North Korea to punch above its weight" and that Pyongyang's hackers "have access to global networks and the Internet, and they have some real successes to count." Within days of the attack in May, North Korea fell under suspicion. As NPR's Bill Chappell reported at the time, WannaCry was found to have "lines of code that are identical to work by hackers known as the Lazarus Group, [which has] ...
been linked to North Korea, raising suspicions that the nation could be responsible." And in October, Britain's Minister of State for Security Ben Wallace said his government was "as sure as possible" that Pyongyang launched the attack. Bossert said in the Journal that President Trump had "ordered the modernization of government information-technology to enhance the security of the systems we run on behalf of the American people." "We also indicted Russian hackers and a Canadian acting in concert with them. A few weeks ago, we charged three Chinese nationals for hacking, theft of trade secrets and identity theft. There will almost certainly be more indictments to come," he wrote. He said that the administration would continue to use its "maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."
Over 200 victims in Europe and beyond continue to suffer from a brand new ransomware attack demanding Bitcoin to release encrypted files. Known as Bad Rabbit, the ransomware of unknown origin demands 0.05 BTC ($290) to unlock infected computers. Its progress focuses on Russia and Ukraine, with outbreaks also reported in Turkey and Germany, according to cybersecurity firm Kaspersky Lab. “While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor’s infrastructure,” a report on the ransomware released Tuesday explains. “No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We’ve detected a number of compromised websites, all of which were news or media websites.” As of Thursday, it has become apparent those targets fall outside the news and media sphere, with Odessa Airport and the Kiev Metro’s payment system also seeing breakdowns. Bad Rabbit is just the latest cyberattack to hit the Russian and Ukrainian zone, with WannaCry and NotPetya all having left their mark over the past six months. The ransom demands from Bad Rabbit’s hackers are similar to those of WannaCry at around $300 per machine. Unlike NotPetya, however, there appears to be no attempt to wipe data from victims, whether or not they send the requisite Bitcoins. Kaspersky adds it is not yet known whether or not paying the ransomware amount results in full control being returned.
It’s safe to say that 2016 was the year of ransomware. More specifically, the year of crypto-ransomware, that nefarious variant that encrypts files and holds them captive until a ransom is paid. Since the release of Cryptolocker in late 2013, crypto-ransomware has exploded, and 2016 was a banner year. As a matter of fact, according to the FBI, cyber criminals used ransomware to steal more than $209 million from U.S. businesses in just the first quarter of 2016. And according to a recent report from Kaspersky Labs, from January to September of 2016, ransomware attacks targeting companies increased by a whopping 300 percent. With threat actors realizing ransomware’s lucrative potential, they bombarded the industry with new attacks in 2016. This variant hit the wild in early 2016, infecting systems using AES encryption. It not only infects mapped file shares, but any networked share, so remote drives are at risk. This attack was so potent experts estimate it infected more than 100,000 victims per day at its peak. More recently, hackers went after the beloved San Francisco Municipal Transport Agency (MUNI). If you were in the area in late November, you may have gotten the message “You Hacked” at public transit ticket kiosks. The city’s light rail was hit by ransomware that forced them to offer free rides for two days while they recovered the files. Or, what about Popcorn, the ingenious little in-development ransomware variant in December that turned victims into attackers by incentivizing them with a pyramid scheme-style discount. Send the infection to two of your friends, and you get your files back for free. Ransomware perhaps hit healthcare the hardest in 2016, with some reports claiming 88 percent of all ransomware affected hospitals.
Whether large or small, no provider could hide from hackers looking to nab and encrypt patient data, disrupting care until the provider paid up or recovered files. The New Jersey Spine Center and Marin Healthcare District were attacked by Cryptowall, which encrypted electronic health records, backup files and the phone system. MedStar, which operates 10 hospitals in the D.C. and Baltimore area, was forced to shut down its entire IT system and revert to paper records. And the list goes on and on with names like California’s Hollywood Presbyterian Medical Center, The University of Southern California’s Keck and Norris Hospital, Kansas Heart Hospital, Alvarado Medical Center, King’s Daughter’s Health, Chino Valley Medical Center and Desert Valley Hospital, and more. Criminals have obviously realized the awesome money-making potential of ransomware, and you should expect them to double down in 2017. That said, how can they make an already effective threat even more widespread? Every year I try to predict changes and evolutions to the threat and security landscape. In this year’s predictions, I forecast that you’ll see the first ever, wide-spread ransomworm. This new variant will dramatically accelerate the spread of ransomware. Years ago, network worms like CodeRed, SQL Slammer, and more recently, Conficker were pretty common. As you probably know, a worm is a type of malware that automatically spreads itself over a network, using either legitimate network file sharing features, or network software vulnerabilities. In the past, the fastest spreading worms – like the examples mentioned above – exploited network software flaws to automatically propagate through networks (whether the Internet or just your internal network). Although we haven’t seen many wildly successful network worms lately, they’re still a threat.
All it takes is for one black hat to find a new zero-day networking software flaw and a wide-spread ransomworm becomes a real possibility. In fact, attackers may not even need to know a new networking flaw to create a successful ransomware. By stealing a computer’s local credentials, attackers can use normal Windows networking, or tools like PowerShell, to spread through an internal Windows network without leveraging any vulnerability at all. Now, imagine ransomware attached to such a network worm. After infecting one victim, it could tirelessly copy itself to every computer it could reach on your local network. Whether or not you want to imagine such a scenario, criminals have already added network-scanning capabilities to some ransomware variants, and there’s a high likelihood they will more aggressively merge ransomware and worm capabilities next year. In 2017, I suspect you’ll see a ransomworm that automatically spreads very quickly and successfully, at least on local networks, if not the Internet. Since falling victim to ransomware can be a costly and time-consuming affair, how can you prepare to combat these evolving threats? Backup – Sure, I know most people just want to prevent ransomware, but you’ll never have 100 percent assurance of that in information security. Backing up your data is an important part of security for reasons far beyond just recovering from a ransomware attack. If you don’t already back up your important data, ransomware is the best reason yet to do so. Patch your software – There are many ways ransomware might get on your systems, including just users manually doing foolish things. However, in order to forcefully or automatically install malware on your system, attackers must exploit software flaws.
That said, vendors have already fixed a huge percent of the vulnerabilities hackers use to spread malware. If you simply keep your patches up to date, you won’t succumb to many of these forced or automated attacks, which could even help against ransomworms, assuming the network flaw they used was also patched. Implement Killchain Defense – You won’t find one security technology that can protect you from 100 percent of ransomware by itself. However, there are many security controls that help protect you from various stages of a ransomware attack. For instance, Intrusion Prevention Systems (IPS) can prevent some of the exploits criminals use to spread ransomware. AntiVirus can catch some of the most common ransomware variants, and more modern advanced threat protection solutions can even identify and block new zero-day ransomware samples. However, none of these defenses are foolproof alone. The best way to protect your computer or organization is to combine all of them. Unified Threat Management (UTM) solutions often offer the easiest option for placing all these protections under one pane of glass.
Ransomware scammers have been exploiting a flaw in Apple's Mobile Safari browser in a campaign to extort fees from uninformed users. The scammers particularly target those who viewed porn or other controversial content. Apple patched the vulnerability on Monday with the release of iOS version 10.3. The flaw involved the way that Safari displayed JavaScript pop-up windows. In fact, recovering from the pop-up loop was as easy as going into the device settings and clearing the browser cache. This simple fix was possibly lost on some uninformed targets who were too uncomfortable to ask for outside help. "The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk," Lookout researchers Andrew Blaich and Jeremy Richards wrote in Monday's post. The user provided the screenshot shown above, which attempts to instill fear with the claim the device was being locked "for illegal pornography." Below those words was a pop-up window that said "Cannot Open Page." Each time the person clicked on the accompanying OK button, a new window would open again. The JavaScript used in the attack shows signs of being used to exploit the same Safari flaw present in iOS version 8, which was released in 2014. The attackers, the Lookout researchers said, purchased a large number of domains in an attempt to "catch users that are seeking controversial content on the internet and coerce them into paying a ransom to them." Sites tailored the messages they delivered based on country identifiers. The campaign in many respects resembles one that hit Android users in 2014. That one demanded a $300 ransom paid in the form of mechanisms such as Paysafecard or uKash.
Cyberthieves are increasingly targeting the malicious software, which locks all files on a targeted computer or network until the owner pays up, at smaller and arguably more vulnerable organizations. The Catholic Charities of Santa Clara County in California was a recent target. Seconds after a co-worker clicked on a malicious email attachment, “the compressed file she had opened connected her computer with a server in the Ukraine,” says Will Bailey, director of IT for the organization. “It downloaded the ransomware code and began to encrypt files on her device.” While cyberthieves ostensibly have more to gain from large organizations, experts say they see smaller organizations as lower-hanging fruit. Because a successful breach of an institution with fewer information security resources is easier to achieve and more likely to have a meaningful impact, it is also more likely to result in a payment. “Small businesses are frequently a more appealing target for ransomware because they sit at the juncture of money and vulnerability,” says Ryan Olson, director of the Palo Alto Networks Unit 42 cybersecurity threat intelligence team. “They frequently have more money than individuals, but being small businesses, they lack the more sophisticated defenses that larger business have.” The stats are staggering. The frequency of ransomware attacks against organizations with fewer than 200 employees is poised to “triple or quadruple” from that of 2015, according to Eric Hodge, director of consulting for IDT911 Consulting.
And 60 percent of small businesses that suffer a ransomware attack are already going out of business within six months, according to the U.S. National Cyber Security Alliance. For many small businesses, if the ransom is low enough, and data backups aren’t available, experts say the most cost-effective response is often to pay the ransom. “At this point, it seems to be the small companies, and individuals providing service as a company, who are in the crosshairs,” Hodge says. “These attackers have also learned that the most profitable method is to hit many small businesses with low ransom demands—usually $300 to $2,000. Even small businesses can generally afford to pay those amounts.” Ransomware reportedly has cost U.S. small to midsize businesses alone more than $75 billion in damages and payments, according to a September 2016 survey by data protection vendor Datto. Indeed, 31 percent of the Datto survey’s respondents said they had experienced multiple ransomware attacks within a single day, and a whopping 63 percent said these attacks led to downtime in their business operations, which could cost them as much as $8,500 per hour. And according to Symantec’s 2016 Internet Security Threat Report, 43 percent of last year’s phishing emails, the vast majority of which were laced with ransomware, targeted small businesses—up from 18 percent in 2011. New research indicates that consumers similarly are becoming more attractive ransomware targets. According to a recent study from IBM X-Force, which surveyed 600 business professionals and 1,000 consumers, 54 percent of consumers said they would pay a ransom to retrieve their financial data, and 55 percent of parents said they would pay to have digital photos returned.
With cybercriminals constantly upping their game in ransomware, small businesses and consumers have little choice but to remain vigilant and take “simple steps” to mitigate the risk of an attack, Palo Alto Networks’ Olson says. In addition to keeping systems up-to-date with security updates, and taking precautions before opening attachments or clicking on links, he recommends maintaining offline backups—or cloud-based backups outside your network—to recover potentially compromised files.
Cyberthieves are increasingly targeting the malicious software, which locks all files on a targeted computer or network until the owner pays up, at smaller and arguably more vulnerable organizations. The Catholic Charities of Santa Clara County in California was a recent target. Seconds after a co-worker clicked on a malicious email attachment, “the compressed file she had opened connected her computer with a server in the Ukraine,” says Will Bailey, director of IT for the organization. “It downloaded the ransomware code and began to encrypt files on her device.” While cyberthieves ostensibly have more to gain from large organizations, experts say they see smaller organizations as lower-hanging fruit. Because a successful breach of an institution with fewer information security resources is easier to achieve and more likely to have a meaningful impact, it is also more likely to result in a payment. “Small businesses are frequently a more appealing target for ransomware because they sit at the juncture of money and vulnerability,” says Ryan Olson, director of the Palo Alto Networks Unit 42 cybersecurity threat intelligence team. “They frequently have more money than individuals, but being small businesses, they lack the more sophisticated defenses that larger businesses have.” The stats are staggering. The frequency of ransomware attacks against organizations with fewer than 200 employees is poised to “triple or quadruple” from that of 2015, according to Eric Hodge, director of consulting for IDT911 Consulting.
And 60 percent of small businesses that suffer a ransomware attack are already going out of business within six months, according to the U.S. National Cyber Security Alliance. For many small businesses, if the ransom is low enough, and data backups aren’t available, experts say the most cost-effective response is often to pay the ransom. “At this point, it seems to be the small companies, and individuals providing service as a company, who are in the crosshairs,” Hodge says. “These attackers have also learned that the most profitable method is to hit many small businesses with low ransom demands—usually $300 to $2,000. Even small businesses can generally afford to pay those amounts.” Ransomware reportedly has cost U.S. small to midsize businesses alone more than $75 billion in damages and payments, according to a September 2016 survey by data protection vendor Datto. Indeed, 31 percent of the Datto survey’s respondents said they had experienced multiple ransomware attacks within a single day, and a whopping 63 percent said these attacks led to downtime in their business operations, which could cost them as much as $8,500 per hour. And according to Symantec’s 2016 Internet Security Threat Report, 43 percent of last year’s phishing emails, the vast majority of which were laced with ransomware, targeted small businesses—up from 18 percent in 2011. New research indicates that consumers similarly are becoming more attractive ransomware targets. According to a recent study from IBM X-Force, which surveyed 600 business professionals and 1,000 consumers, 54 percent of consumers said they would pay a ransom to retrieve their financial data, and 55 percent of parents said they would pay to have digital photos returned.
Cybercriminals have another easy-to-use ransomware kit to add to their arsenals, thanks to a new variant called Karmen that hackers can buy on the black market for $175. A Russian-speaking user called DevBitox has been advertising the ransomware in underground forums, security firm Recorded Future said in a blog post on Tuesday. Karmen is what experts call ransomware-as-a-service -- a particularly worrisome trend. Amateur hackers with little technical know-how can buy access to such services, and in return, they’ll receive a whole suite of web-based tools to develop their own ransomware attacks. In Karmen's case, it offers an easy-to-use dashboard interface. Buyers can modify the ransomware, view what machines they've infected, and see how much they’ve earned. To spread ransomware, hackers will often rely on spam emails with an attachment or a link to a website that contains malicious coding. Once it infects a computer, the ransomware will then encrypt the files hosted inside. To release the files, victims will have to pay up, usually in bitcoin. DevBitox, one of the developers behind Karmen, has posted messages in various forums saying that Russian and English language versions of the ransomware-as-a-service are available. So far, the hacker has sold 20 copies of Karmen, according to Recorded Future, which noted that the first infections of the ransomware variant occurred as early as December in Germany and the U.S. The $175 fee is a one-time upfront payment, said Andrei Barysevich, a director at Recorded Future. “This lowers the barrier for other criminals to carry out ransomware attacks, and allows buyers to retain 100 percent of payments from their infected victims,” he added. However, victims hit with the Karmen ransomware have recourse.
That’s because the malicious coding is derived from Hidden Tear, an open source ransomware project. Cybercriminals have been using Hidden Tear to build their own ransomware variants. However, security experts have been responding with free decryption tools designed to release computers from the infections. Michael Gillespie, a security researcher, has developed his own decryption key generator that can address ransomware built from Hidden Tear. He advises that victims contact him for help. Gillespie has also developed a site that can diagnose what kind of ransomware has infected a computer, and offers advice on how it might be fixed. No More Ransom is another site with free tools that can decrypt certain ransomware infections. Security experts also recommend that businesses make routine backups of their important systems, in the event of a ransomware attack.
A Twitter user by the name @EugenePupov is trying to take credit for the massive phishing attack that hit Gmail users last night, and which attempted to trick users into granting permission for a fake Google Docs app to access their Gmail inbox details. While Google intervened and stopped the self-spreading attack about an hour after it started — which is a pretty good response time — questions still linger about who was behind it. If there's one thing we know for sure, it is that the fake Google Docs app was registered using the email eugene.pupov@gmail.com. The owner of the aforementioned @EugenePupov Twitter account, who took credit for the attacks, claimed in a series of tweets it was only a test. While some might think this is an open & close case, it is not quite so. For starters, the Twitter account was registered yesterday, on the same day as the attack, which isn't necessarily suspicious, but it's odd. Second, if you try to reset that Twitter account's password, you'll see that the Twitter account isn't registered with the same address used in the phishing attacks. Registering a Twitter account with the eugene.pupov@gmail.com email wouldn't have been possible either way, as this Gmail address isn't registered at all. Furthermore, a Coventry University spokesperson told Bleeping Computer today that no person with the name Eugene Pupov is currently enrolled at their institution. Later they confirmed it on Twitter. If things weren't shady enough, the Twitter account used a profile image portraying a molecular biologist named Danil Vladimirovich Pupov, from the Institute of Molecular Genetics, at the Russian Academy of Sciences. When other users called out [1, 2] the Twitter account for using another person's image, the man behind the @EugenePupov account simply changed it to a blank white image.
To clarify what exactly is going on with the Twitter account images, we've reached out to the real Danil Pupov hoping for some answers, as we weren't able to find any good reasons for why a molecular biologist would fiddle around with Gmail spam campaigns and fake Google Docs apps. As things are looking right now, it appears that someone is either in the mood for a prank, or the real person behind the attack is trying to plant a false flag and divert the attention of cyber-security firms investigating the incident [1, 2]. As for Google, after a more thorough investigation, the company says that only 0.1% of all Gmail users received the phishing email that contained the link to Pupov's fake Google Docs app that requested permission to access users' inboxes. That's around one million users of Gmail's one billion plus userbase.
A cybersecurity firm said that the recent WannaCry ransomware attacks may be connected to the group that orchestrated one of the biggest cyberheists in history that involved a Philippine bank. Kaspersky Lab, a cybersecurity and antivirus provider in Moscow, said in a statement that a security researcher at Google found an “artifact” on Twitter potentially linking the WannaCry ransomware attacks that hit organizations and individuals in several dozen countries and the Lazarus hacking group, which was responsible for several devastating cyberattacks on government organizations, media firms and financial institutions in recent years. “On Monday, May 15, a security researcher from Google posted an artifact on Twitter potentially pointing at a connection between the WannaCry ransomware attacks that recently hit thousands of organizations and private users around the world, and the malware attributed to the infamous Lazarus hacking group, responsible for a series of devastating attacks against government organizations, media and financial institutions,” Kaspersky said. Late last week, a worm dubbed WannaCry locked up more than 200,000 computers in more than 150 countries, disrupting operations of car factories, hospitals, shops, schools and other institutions. The attack late on Friday was slowed down after a security researcher took control of a server linked to the attack, crippling its ability to rapidly spread across the world. The Lazarus group meanwhile has been linked to several large-scale operations such as the attacks against Sony Pictures in 2014 and a series of similar attacks that continued until 2017. One of the biggest attacks carried out by the Lazarus group was the Central Bank of Bangladesh heist in 2016, one of the biggest in history.
In that operation, hackers sent fraudulent messages that were made to appear to be from the Bangladeshi central bank to transfer $1 billion from its account in the Federal Reserve of New York. Most of the transfers were blocked but about $81 million was sent to RCBC in the Philippines. The money was moved around to make it difficult to trace. Kaspersky said that the Google researcher pointed at a WannaCry malware sample which appeared in February 2017, weeks before the late Friday attack. Based on the analysis of Kaspersky researchers, it was confirmed that there were “clear code similarities” between the sample highlighted by the Google expert and the malware samples used by the Lazarus group in their 2015 attacks. Kaspersky however admitted that the similarities might be a false flag, although another analysis of the February and WannaCry samples used in the recent operation showed that the code which could point at the Lazarus group was removed from the malware. Kaspersky said that this could be an attempt to cover the traces of the perpetrators of the WannaCry operations. “Although this similarity alone doesn't allow proof of a strong connection between the WannaCry ransomware and the Lazarus Group, it can potentially lead to new ones which would shed light on the WannaCry origin which to the moment remains a mystery,” Kaspersky said.
Hackers are reportedly selling stolen data from the Qatar National Bank (QNB) and UAE InvestBank on the dark web. Both the banks suffered major data breaches in 2016 and the data of thousands of customers was later leaked online by hackers. Now, even as tensions escalate between the two Middle Eastern nations, cybercriminals appear to be cashing in on the underground cybercrime community. Hackers hit the QNB in April 2016 and the UAE InvestBank in May 2016. The Sharjah-based InvestBank's stolen data was leaked online by a hacker going by the pseudonym "Buba", who demanded a $3m ransom from the bank. The stolen data, including customers' financial details as well as personal details such as full names, addresses, passport numbers, phone numbers, account numbers, credit card numbers along with their CVV codes and more, was leaked online by the hacker after the bank refused to pay up the ransom. In the case of the QNB, a hacker group going by the pseudonym "Bozkurt Hackers" claimed responsibility for the data breach. Hackers leaked 1.4GB of data, which included customers' financial records, credit card numbers and PIN codes as well as banking details pertaining to the Al-Thani Qatar Royal Family and Al Jazeera journalists. The stolen data from the QNB hack as well as the InvestBank data breach is now up for sale on an unspecified yet popular dark web marketplace, HackRead reported. This has not been independently verified by IBTimes UK. InvestBank's data is allegedly being sold for a mere 0.0071 bitcoins ($18.86, £14.91). The data on sale includes bank accounts, card details, customer IDs, branch codes as well as account holders' full names.
The stolen and leaked data from the QNB, which the bank later acknowledged may have been accurate, is also on sale for 0.0071 bitcoins. The data listed for sale includes the previously leaked QNB records such as bank accounts as well as card and personal details of customers. Dark web data sales from major breaches are not uncommon. In 2016, a series of major breaches affecting several leading tech firms including LinkedIn and Dropbox eventually saw hackers selling hacked and stolen databases on the dark web.