to return control of the network to its rightful owners. The importance of great network security cannot be overstated. Officials in Licking County have learned this lesson the hard way, as hackers have installed a computer virus, known as 'ransomware,' that has locked up the local government's entire network, including that of the police force. Emergency services are still working, however. "You lose your computers, the world changes a little bit," remarked Licking County commissioner Tim Bubb. Apparently, someone in the office downloaded the malware by clicking on a link in a phishing email, or just downloaded the virus from some malicious website. Ransomware is a type of computer virus that encrypts data on a user's computer, making it inaccessible. The ransomware then displays a message onscreen, ordinarily demanding money and providing a sole text input field in which a user must enter an unlock code provided by the malefactor after the money is paid. "All county offices remain open, but online access and landline telephones are not available for those on the county system. The shutdown is expected to continue at least the rest of the week," according to the Newark Advocate news website. According to Bubb, the 911 office, due to budget restrictions, had not shifted to an online-accessible network, and so was working in normal capacity. "Because they're working manually, they have made the staff a little more robust," he said. He underscored that people can call 911, and that every emergency call is answered and responded to, with staff using paper, printed maps and dry-erase boards and dispatching first responders with old-fashioned radios. "People of Licking County, we believe, are protected as they always are with 911," he added, according to WCMH-TV.
The amount of ransom demanded by the hackers remains undisclosed, as does whether the ransom will be paid. "We're dealing with a criminal element. It's a crime against the people of Licking County and its government," Bubb said, adding that the county government is currently seeking the assistance of cybersecurity experts. According to Sean Grady, director of the Licking County Emergency Management Agency and Regional 911 Center, resolving the situation will take time. "It's going to be awhile," Grady said. "Until they identify what it was, they don't know how to fix it." Maybe Licking County officials should turn toward cybersecurity experts in Russia. Dr.Web, a Russia-based antivirus developer and cyber security service provider, has been particularly effective in dealing with ransomware since early versions appeared in Russia some five years ago. The company has a web page dedicated to ransomware, observing that using brute force to break modern ransomware encryption would take 107,902,838,054,224,993,544,152,335,601 years at current processor speeds, and that the average ransom sum can reach up to 1500 bitcoins ($49,500 currently). "Things can even get rather peculiar. In one situation, a user paid a ransom to their attackers, but their attackers could not decipher the files encrypted by their own Trojan.Encoder (Cryptolocker), and advised the user to seek help… from Doctor Web's technical support service," the webpage reads.
An Indiana hospital paid a ransom of $55,000 to get rid of ransomware that had infected its systems and was hindering operations last week. The infection took root last week, on Thursday, January 11, when attackers breached the network of Hancock Health, a regional hospital in the city of Greenfield, Indiana. Attackers deployed the SamSam ransomware, which encrypted files and renamed them with the phrase "I'm sorry", according to a local newspaper that broke the news last week. Hospital operations were affected right away. IT staff intervened and took down the entire network, asking employees to shut down all computers to keep the ransomware from spreading to other PCs. By Friday, the next day, the hospital was littered with posters asking employees to shut down any computer until the incident was resolved. While some news sites reported that the hospital shut down operations, medical and management staff continued their work, but with pen and paper instead of computers. Patients continued to receive care at the hospital's premises.
Hospital had backups but decided to pay ransom demand
The hospital said that despite having backups it opted to pay the ransom demand of 4 Bitcoin, which was worth around $55,000 at the time the hospital paid the sum, on Saturday morning. Hospital management told local press that restoring from backups was not a solution as it would have taken days and maybe even weeks to have all systems up and running. Hence, they decided paying the ransom was quicker. By Monday, all systems were up and running, and the hospital released a short statement on its site admitting to the incident, but with very few other details. While the hospital has not confirmed the typical SamSam attack scenario, they did say the infection was not the case of an employee opening a malware-infected email.
The FBI has long asked companies and individuals affected by ransomware to report any infections via the IC3 portal so the Bureau can get a better grasp of the threat and have the legal reasons to go after such groups.
Hackers logged into the hospital’s remote access portal using a third-party vendor’s username and password. Greenfield, Indiana-based Hancock Health paid hackers 4 bitcoin or about $47,000 to unlock its network on Saturday, after the health system fell victim to a ransomware attack on Thursday night. Hackers compromised a third-party vendor’s administrative account to the hospital’s remote-access portal and launched SamSam ransomware. The virus infected a number of the hospital’s IT systems and, according to local reports, the malware targeted over 1,400 files and changed the name of each to “I’m sorry.” Hancock officials followed their incident response and crisis management plan and contacted legal representation and an outside security firm immediately following the discovery of the attack. Hospital leadership also contacted the FBI for advisory assistance. The incident was contained by Friday and officials said the next focus was recovery. Hancock Health was given just seven days to pay the ransom. While officials said Hancock could have recovered the affected files from backups, it would have taken days or possibly weeks to do so. And it would have been more expensive. “We were in a very precarious situation at the time of the attack,” Hancock Health CEO Steve Long said in a statement. “With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.” Hackers released the files early Saturday after they retrieved the bitcoins. The hospital’s critical systems were restored to normal function on Monday.
The forensic analysis found patient data was not transferred outside of the hospital’s network, and the FBI confirmed the motivation for SamSam hackers is ransom payment, not to harvest patient data. The virus did not impact any equipment used to treat patients. However, the hospital’s patient portal was down during the security incident. After recovery, officials asked employees to reset passwords and implemented a security feature that could detect similar attacks in the future. The breach should serve as a wake-up call that ransomware attacks can happen. However, it’s important to note the FBI, the U.S. Department of Health and Human Services and a laundry list of security experts have long stressed that organizations should not pay ransoms to hackers. While the hackers returned the files to Hancock, there was no guarantee that would happen. For example, Kansas Heart Hospital paid a ransom in May 2016, and the hackers kept the files and demanded another payment. The hospital declined to pay a second time. Secondly, when an organization pays, hackers place the business on a list of those willing to pay the ransom, and it can expect to be hit again in the future. “There are lists out there, if you pay once, you may end up having to pay again because you’ve been marked as an organization that will pay,” said CynergisTek CEO Mac McMillan.
Authorities on Wednesday charged two Iranian citizens for the ransomware cyber attack that hobbled the city of Atlanta’s computer network in March, and the federal indictment outlines the pair’s massive nationwide scheme to breach computer networks of local governments, health care systems and other public entities. The defendants, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are alleged to have developed the SamSam ransomware, malicious software that encrypts data until the infected organizations pay ransom. All told, the pair inflicted harm on more than 200 victims across the country and collected roughly $6 million in ransom over a three-year period dating back to 2015. Their scheme caused over $30 million in losses to various entities, according to federal authorities. The hack of city of Atlanta computers in March crippled city business for days. One internal report that surfaced in August estimated the damage to the city could cost up to $17 million. “We’re glad that these people will be brought to justice,” Mayor Keisha Lance Bottoms told Channel 2 Action News. “Hopefully this will stop another municipality from experiencing what we did.” “The defendants allegedly hijacked victims’ computer systems and shut them down until the victims paid a ransom,” said Deputy Attorney General Rod Rosenstein, speaking at a press conference in Washington, D.C. “Many of the victims were public agencies with missions that involve saving lives and performing other critical functions for the American people.” The two men are not in U.S. custody, and Iran has no extradition treaty with the U.S. But Justice Department officials expressed confidence that Savandi and Mansouri’s travel patterns would subject them to being captured.
Atlanta officials have repeatedly denied paying the $51,000 in ransom demanded by the hackers, and the 26-page federal indictment released Wednesday doesn’t directly address which cities and entities paid ransom. Brian Benczkowski, an assistant attorney general for the U.S. Justice Department, told reporters on Wednesday that the agency wouldn’t identify which victims paid the attackers. A city of Atlanta spokesperson on Wednesday said again that no one acting on the city’s behalf, including its insurance carrier, paid any ransom. But the indictment has two references to Atlanta and it raises questions about whether or not the city paid ransom. The indictment describes the March 22 assault on Atlanta’s network and the effort by the two men to demand ransom. In one paragraph, the indictment says they demanded ransom from Atlanta in Bitcoin payments in exchange for encryption keys to recover the city’s compromised data. The next paragraph says that on April 19, Savandi “received funds associated with ransom proceeds, which were converted into Iranian rial and deposited by” a currency exchanger. The indictment does not say if those proceeds were associated with the Atlanta attack. But Ralph Echemendia, a computer hacking consultant who advises corporations on cyber security, said he read the indictment and thinks the payment was associated with the Atlanta attack because it would be one way that federal agents connected the breach to Savandi and Mansouri. The indictment describes how the two men demanded payments in bitcoins, a so-called cryptocurrency, and in Atlanta’s case, the demand equaled roughly $50,000. “The moment you try and turn it into dollars, euros or any kind of real currency it has to go through an exchange,” Echemendia said.
“At that point the exchange would have to work with law enforcement … ultimately that is going to wind up in somebody’s bank account.” The Justice Department declined to answer a question from the AJC about whether the April 19 exchange of bitcoins into Iranian rial described in the indictment was related to Atlanta’s attack. Tony UcedaVelez, CEO of Versprite, an Atlanta-based security services firm, said the language in the indictment does make it seem a ransom was paid on the city’s behalf. But he said it could have been made by someone in law enforcement hoping the funds would lead to the attackers. UcedaVelez also pointed to an attachment in the indictment that indicated someone associated with the city had followed the attackers’ initial instructions. The indictment included a ransom note to Newark instructing it on how to download a Tor network browser and visit the attackers’ website where victims could upload two files to be decrypted as a demonstration. Newark paid its ransom of roughly $30,000. Another attachment shows the ransom website the attackers created for the city of Atlanta on the Tor network. To get there, someone would have had to download the Tor browser. And it appeared they had uploaded a couple of files for the demonstration. “Files available to decrypt: 2,” read a statement on the site.
He's experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked. David Formby, a PhD student at Georgia Institute of Technology, conducted his experiment to warn the industry about the danger of poorly-secured PLCs. These small dedicated computers can be used to control important factory processes or utilities, but are sometimes connected to the internet. For instance, Formby found that 1,500 of these industrial PLCs are accessible online, he said while speaking at the RSA cybersecurity conference on Monday. It's not hard to imagine a hacker trying to exploit these exposed PLCs, he added. Cybercriminals have been infecting businesses across the world with ransomware, a form of malware that can hold data hostage in exchange for bitcoin. For a hacker, holding an industrial control system hostage can also be lucrative, and far more devastating for the victim. “He (the hacker) can threaten to permanently damage this really sensitive equipment,” Formby said. In a month's time he developed a ransomware-like attack to control the PLCs to fill the storage tank with too much chlorine, making the water mix dangerous to drink. Formby also managed to fool the surrounding sensors into thinking that clean water was actually inside the tank. A hacker wanting to blackmail a water utility could take the same approach, and threaten to taint the water supply unless paid a ransom, he warned. Real-world water treatment systems are more sophisticated than the generic one he designed, Formby said. However, poorly-secured PLCs are being used across every industry, including in oil and gas plants and manufacturing. Most of the PLCs he found accessible online are located in the U.S., but many others were found in India and China, he said.
Formby recommends that industrial operators make sure they understand which systems connect to the internet, and who has control over them. He’s also set up a company designed to help operators monitor for any malicious activity over their industrial control systems.