to return control of the network to its rightful owners. The importance of great network security cannot be overstated. Officials in Licking County have learned this lesson the hard way, as hackers have installed a computer virus, known as 'ransomware,' that has locked up the local government's entire network, including that of the police force. Emergency services are still working, however. "You lose your computers, the world changes a little bit," remarked Licking County commissioner Tim Bubb. Apparently, someone in the office downloaded the malware by clicking on a link in a phishing email, or just downloaded the virus from some malicious website. Ransomware is a type of computer virus that encrypts data on a user's computer, making it inaccessible. The ransomware then displays a message onscreen, ordinarily demanding money and providing a sole text input field in which a user must enter an unlock code provided by the malefactor, after the money is paid. "All county offices remain open, but online access and landline telephones are not available for those on the county system. The shutdown is expected to continue at least the rest of the week," according to the Newark Advocate news website. According to Bubb, the 911 office, due to budget restrictions, had not shifted to an online-accessible network, and so was working in normal capacity. "Because they're working manually, they have made the staff a little more robust," he said. He underscored that people can call 911, and that every emergency call is answered and responded to using paper, printed maps and dry-erase boards, with first responders dispatched by old-fashioned radios. "People of Licking County, we believe, are protected as they always are with 911," he added, according to WCMH-TV.
The amount of ransom demanded by the hackers remains undisclosed, as well as whether the ransom will be paid. "We're dealing with a criminal element. It's a crime against the people of Licking County and its government," Bubb said, adding that the county government is currently seeking the assistance of cybersecurity experts. According to Sean Grady, director of the Licking County Emergency Management Agency and Regional 911 Center, resolving the situation will take time. "It's going to be awhile," Grady said. "Until they identify what it was, they don't know how to fix it." Maybe Licking County officials should turn toward cybersecurity experts in Russia. Dr. Web, a Russia-based antivirus developer and cyber security service provider, has been particularly effective in dealing with ransomware since early versions appeared in Russia some five years ago. The company has a web page dedicated to ransomware, observing that using brute force to break modern ransomware encryption would take 107,902,838,054,224,993,544,152,335,601 years at current processor speeds, and that the average ransom sum can reach up to 1500 bitcoins ($49,500 currently). "Things can even get rather peculiar. In one situation, a user paid a ransom to their attackers, but their attackers could not decipher the files encrypted by their own Trojan.Encoder (Cryptolocker), and advised the user to seek help… from Doctor Web's technical support service," the webpage reads.
Authorities on Wednesday charged two Iranian citizens for the ransomware cyber attack that hobbled the city of Atlanta’s computer network in March, and the federal indictment outlines the pair’s massive nationwide scheme to breach computer networks of local governments, health care systems and other public entities. The defendants, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are alleged to have developed the SamSam ransomware, malicious software that encrypts data until the infected organizations pay ransom. All told, the pair inflicted harm on more than 200 victims across the country and collected roughly $6 million in ransom over a three-year period dating back to 2015. Their scheme caused over $30 million in losses to various entities, according to federal authorities. The hack of city of Atlanta computers in March crippled city business for days. One internal report that surfaced in August estimated the damage to the city could cost up to $17 million. “We’re glad that these people will be brought to justice,” Mayor Keisha Lance Bottoms told Channel 2 Action News. “Hopefully this will stop another municipality from experiencing what we did.” “The defendants allegedly hijacked victims’ computer systems and shut them down until the victims paid a ransom,” said Deputy Attorney General Rod Rosenstein, speaking at a press conference in Washington D.C. “Many of the victims were public agencies with missions that involve saving lives and performing other critical functions for the American people.” The two men are not in U.S. custody, and Iran has no extradition treaty with the U.S. But Justice Department officials expressed confidence that Savandi and Mansouri’s travel patterns would subject them to being captured.
Atlanta officials have repeatedly denied paying the $51,000 in ransom demanded by the hackers, and the 26-page federal indictment released Wednesday doesn’t directly address which cities and entities paid ransom. Brian Benczkowski, an assistant attorney general for the U.S. Justice Department, told reporters on Wednesday that the agency wouldn’t identify which victims paid the attackers. A city of Atlanta spokesperson on Wednesday said again that no one acting on the city’s behalf, including its insurance carrier, paid any ransom. But the indictment has two references to Atlanta, and it raises questions about whether or not the city paid ransom. The indictment describes the March 22 assault on Atlanta’s network and the effort by the two men to demand ransom. In one paragraph, the indictment says they demanded ransom from Atlanta in Bitcoin payments in exchange for encryption keys to recover the city’s compromised data. The next paragraph says that on April 19, Savandi “received funds associated with ransom proceeds, which were converted into Iranian rial and deposited by” a currency exchanger. The indictment does not say if those proceeds were associated with the Atlanta attack. But Ralph Echemendia, a computer hacking consultant who advises corporations on cyber security, said he read the indictment and thinks the payment was associated with the Atlanta attack because it would be one way that federal agents connected the breach to Savandi and Mansouri. The indictment describes how the two men demanded payments in bitcoins, a so-called cryptocurrency, and in Atlanta’s case, the demand equaled roughly $50,000. “The moment you try and turn it into dollars, euros or any kind of real currency it has to go through an exchange,” Echemendia said.
“At that point the exchange would have to work with law enforcement … ultimately that is going to wind up in somebody’s bank account.” The Justice Department declined to answer a question from the AJC about whether the April 19 exchange of bitcoins into Iranian rial described in the indictment was related to Atlanta’s attack. Tony UcedaVelez, CEO of Versprite, an Atlanta-based security services firm, said the language in the indictment does make it seem a ransom was paid on the city’s behalf. But he said it could have been made by someone in law enforcement hoping the funds would lead to the attackers. UcedaVelez also pointed to an attachment in the indictment that indicated someone associated with the city had followed the attackers’ initial instructions. The indictment included a ransom note to Newark instructing it on how to download a Tor network browser and visit the attackers’ website, where victims could upload two files to be decrypted as a demonstration. Newark paid its ransom of roughly $30,000. Another attachment shows the ransom website the attackers created for the city of Atlanta on the Tor network. To get there, someone would have had to download the Tor browser. And it appeared they had uploaded a couple of files for the demonstration. “Files available to decrypt: 2,” read a statement on the site.
Small and medium businesses across Europe are being actively targeted by ransomware attacks, new research has shown. According to data protection firm Datto, 87% of European IT service providers it surveyed said their SMB customers had been hit by a ransomware attack at some point during the previous 12 months. Additionally, 40% of respondents reported multiple attacks during that time. Just over a quarter of respondents (27%) reported experiencing multiple attacks in a single day. In terms of the impact these attacks are having, the survey revealed the average ransom demanded was between £500 and £2000. In 15% of reported cases the demand was in excess of £2000. Nearly half (47%) said paying the ransom was ineffective, as they still lost some of the data that had been encrypted by the attackers. As well as financial penalties, ransomware attacks can also impact the business in other ways. A majority of respondents (62%) said they’d experienced downtime during the attack. For smaller organizations, the combination of financial loss and downtime can threaten the continued operation of the business, Datto said. Frustratingly, just 40% of ransomware victims end up reporting the crime to the authorities. The FBI has previously said that reporting ransomware attacks will help it get a better understanding of exactly how many attacks are occurring as well as help the industry develop its defenses; traditional antivirus has so far proved to be ineffectual against most ransomware. “Ransomware is more than just a nuisance; it’s a major money-making operation backed by professional and well-funded organizations,” said Andrew Stuart, managing director, EMEA at Datto.
On March 24, 2017, a member of a top-tier Russian cyber criminal forum posted an advertisement for “Fatboy,” a new ransomware-as-a-service (RaaS) product. The advertiser, operating under the username “polnowz,” describes Fatboy as a partnership, offering support and guidance through Jabber. While the RaaS has not yet received any endorsements or feedback from the hacking community, on March 26, “ilcn,” a reputable member of the forum, offered to assist polnowz with translation in the product. The Fatboy ransomware is dynamic in the way it targets its victims; the amount of ransom demanded is determined by the victim’s location. According to polnowz, Fatboy uses a payment scheme based on The Economist’s Big Mac Index (cited as the “McDonald’s Index” in the product description), meaning that victims in areas with a higher cost of living will be charged more to have their data decrypted. Purchasers of the Fatboy RaaS partner directly with the author of the malware and not through a third-party vendor. Potential partners also receive payment instantly when a victim pays their ransom, adding another level of transparency to this partnership. Since February 7, 2017, the author of the Fatboy RaaS has purportedly earned at least $5,321 USD from their own ransomware campaigns using this product. A computer infected with the Fatboy malware will display the above message, explaining that the user’s files have been encrypted, stating the ransom amount, and warning the user against interfering with the ransomware. The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers. Additionally, the automatic price adjustment feature shows an interest in customizing malware based on the targeted victim.
Organizations should be aware of the adaptability of Fatboy, as well as other ransomware products, and continuously update their cyber security strategies as these threats evolve.
The IT security researchers at Trend Micro recently discovered malware that has the potential to infect Linux-based servers. The malware, called Erebus, has been responsible for hijacking 153 Linux-based networks of a South Korean web-hosting company called NAYANA. Erebus is ransomware capable of infecting Linux operating systems. As such, around 3,400 of NAYANA’s clients were affected by the attack, with databases, websites and other files being encrypted. The incident took place on 10th June. As of now, NAYANA has not received the keys to decrypt their files despite having paid three parts of the ransom. The fourth one, which is allegedly the last installment, is yet to be paid. However, according to NAYANA, the attackers claimed to provide the key after three payments. According to Trend Micro’s report, Erebus was originally found back in September 2016. At the time, the malware was not that harmful and was being distributed through malware-containing advertisements. Once the user clicked on those ads, the ransomware would activate in the usual way. The initial version of Erebus only affected 423 file types and did so using the RSA-2048 encryption algorithm, encrypting the files with the .encrypt extension. Furthermore, it was this variant that was using a number of websites in South Korea as a command-&-control (C&C) center. Later, in February 2017, the malware had seemingly evolved, as it now had the ability to bypass User Account Control (UAC). For those who may be unfamiliar with UAC, it is primarily a Windows privacy protection system that restricts anyone who is not authorized from altering the user’s computer. However, this later version of Erebus was able to do so and inject ransomware ever so conveniently.
The campaign in which this version was involved demanded a ransom of 0.085 bitcoins – equivalent to USD 216 at present – and threatened to delete the files in 96 hours if the ransom was not paid. Now, however, Erebus has reached new heights by having the ability not only to bypass UAC but also to affect entire networks that run on Linux. Given that most organizations today use Linux for their networks, it is no surprise to see that the effects of the malware are far-reaching. According to Trend Micro, the most recent version of Erebus uses the RSA algorithm to alter the AES keys in Windows and change the encryption key as such. Also, the attack is accompanied by a Bluetooth service so as to ensure that the ransomware does not break, even after the computer is rebooted. This version can affect a total of 433 file types including databases, archives, office documents, email files, web-based files and multimedia files. The ransom demanded in this campaign amounts to 5 bitcoins, which is USD 12,344 currently. Although ransomware affecting Linux-based networks is rare, it is not new. Erebus is not the first ransomware to have affected networks running on Linux. In fact, Trend Micro claims that such ransomware was discovered as far back as 2014. Some of the ransomware include Linux.Encoder, Encrypter RaaS, KillDisk, KimcilWare and more. All of these were allegedly developed from an open-source code project that was available as part of an educational campaign. Ransomware for Linux, despite being somewhat inferior to that for Windows, is still potent enough to cause damage on a massive scale. This is because a number of organizations and data centers use Linux, and hijacking such high-end systems can only mean catastrophe. To avoid any accidents happening, IT officials and organizations running Linux-based networks need to take some serious precautions.
The most obvious one is to simply keep the server updated with the latest firmware and anti-virus software. Furthermore, it is always a good idea to keep a back-up of your data files in two to three separate locations. It is also repeatedly advised to avoid installing unknown third-party programs, as these can act as potential gateways for such ransomware. Lastly, IT administrators should keep monitoring the traffic that passes through the network and look for anomalies by identifying any inconsistencies in event logs.