that bar victims from accessing important files unless they pay money. “Attacks on Japanese businesses have been particularly large in number,” said Masakatsu Morii, a professor of information and telecommunications engineering at Kobe University’s Graduate School of Engineering. Ransomware typically infects a computer when its user opens a file attached to spam mail from a sender pretending to be a legitimate entity such as a parcel delivery company, according to the government-affiliated Information-Technology Promotion Agency. The malicious programs encrypt the infected computers’ files, and users can only open them after paying the perpetrators money to obtain a special key to unlock them. Yoshihito Kurotani, a researcher at the agency’s engineering department, said the programs employ basic encryption technologies. Kurotani’s agency has received numerous inquiries asking for help from victims who cannot access their photos or business files. The bogus emails “used to be written in English or unnatural Japanese, but we have seen increasing attacks using natural Japanese recently,” Kurotani said. Computer security firm Trend Micro Inc. said it received 2,810 reports of ransomware attacks nationwide in 2016 — a 3.5-fold jump from the previous year. “Tactics are expected to be even more sophisticated in 2017,” a Trend Micro official said. A survey conducted by the firm last June shows that about 60 percent of companies that were attacked paid ransoms. The payment in one case exceeded ¥10 million ($88,000). The extortion and the transactions in the ransomware programs themselves have become a profitable business for cybercriminals. The programs are traded on online black markets that cannot be accessed without the use of special software.
In the “dark web” networks, various programs are sold, including multilingual ones and one that can be used for a “lifetime” for just $39. The people who post the programs make profits by taking a share of ransoms collected. Firms undertaking the delivery of unsolicited emails do business there, too. Katsuyuki Okamoto, a security “evangelist” at Trend Micro, said it has become easier and easier to be involved in or become a victim of cybercrime. Cybersecurity experts warn that users should protect their computers by always keeping operating systems and anti-malware software up-to-date and should constantly back up their data. They said victims should never pay ransoms as there is no guarantee their files will actually be restored. “If you pay money to the criminals, that will only help them create a new virus,” Okamoto said.
It’s safe to say that 2016 was the year of ransomware. More specifically, the year of crypto-ransomware, that nefarious variant that encrypts files and holds them captive until a ransom is paid. Since the release of Cryptolocker in late 2013, crypto-ransomware has exploded, and 2016 was a banner year. As a matter of fact, according to the FBI, cyber criminals used ransomware to steal more than $209 million from U.S. businesses in just the first quarter of 2016. And according to a recent report from Kaspersky Labs, from January to September of 2016, ransomware attacks targeting companies increased by a whopping 300 percent. With threat actors realizing ransomware’s lucrative potential, they bombarded the industry with new attacks in 2016. This variant hit the wild in early 2016, infecting systems using AES encryption. It not only infects mapped file shares, but any networked share, so remote drives are at risk. This attack was so potent experts estimate it infected more than 100,000 victims per day at its peak. More recently, hackers went after the beloved San Francisco Municipal Transport Agency (MUNI). If you were in the area in late November, you may have gotten the message “You Hacked” at public transit ticket kiosks. The city’s light rail was hit by ransomware that forced them to offer free rides for two days while they recovered the files. Or, what about Popcorn, the ingenious little in-development ransomware variant in December that turned victims into attackers by incentivizing them with a pyramid scheme-style discount? Send the infection to two of your friends, and you get your files back for free. Ransomware perhaps hit healthcare the hardest in 2016, with some reports claiming 88 percent of all ransomware affected hospitals.
Whether large or small, no provider could hide from hackers looking to nab and encrypt patient data, disrupting care until the provider paid up or recovered files. The New Jersey Spine Center and Marin Healthcare District were attacked by Cryptowall, which encrypted electronic health records, backup files and the phone system. MedStar, which operates 10 hospitals in the D.C. and Baltimore area, was forced to shut down its entire IT system and revert to paper records. And the list goes on and on with names like California’s Hollywood Presbyterian Medical Center, The University of Southern California’s Keck and Norris Hospital, Kansas Heart Hospital, Alvarado Medical Center, King’s Daughter’s Health, Chino Valley Medical Center and Desert Valley Hospital, and more. Criminals have obviously realized the awesome money-making potential of ransomware, and you should expect them to double down in 2017. That said, how can they make an already effective threat even more widespread? Every year I try to predict changes and evolutions to the threat and security landscape. In this year’s predictions, I forecast that you’ll see the first ever, widespread ransomworm. This new variant will dramatically accelerate the spread of ransomware. Years ago, network worms like CodeRed, SQL Slammer, and more recently, Conficker were pretty common. As you probably know, a worm is a type of malware that automatically spreads itself over a network, using either legitimate network file sharing features, or network software vulnerabilities. In the past, the fastest spreading worms – like the examples mentioned above – exploited network software flaws to automatically propagate through networks (whether the Internet or just your internal network). Although we haven’t seen many wildly successful network worms lately, they’re still a threat.
All it takes is for one black hat to find a new zero-day networking software flaw and a widespread ransomworm becomes a real possibility. In fact, attackers may not even need to know a new networking flaw to create a successful ransomware. By stealing a computer’s local credentials, attackers can use normal Windows networking, or tools like PowerShell, to spread through an internal Windows network without leveraging any vulnerability at all. Now, imagine ransomware attached to such a network worm. After infecting one victim, it could tirelessly copy itself to every computer it could reach on your local network. Whether or not you want to imagine such a scenario, criminals have already added network-scanning capabilities to some ransomware variants, and there’s a high likelihood they will more aggressively merge ransomware and worm capabilities next year. In 2017, I suspect you’ll see a ransomworm that automatically spreads very quickly and successfully, at least on local networks, if not the Internet. Since falling victim to ransomware can be a costly and time-consuming affair, how can you prepare to combat these evolving threats?
Backup – Sure, I know most people just want to prevent ransomware, but you’ll never have 100 percent assurances of that in information security. Backing up your data is an important part of security for reasons far beyond just recovering from a ransomware attack. If you don’t already back up your important data, ransomware is the best reason yet to do so.
Patch your software – There are many ways ransomware might get on your systems, including just users manually doing foolish things. However, in order to forcefully or automatically install malware on your system, attackers must exploit software flaws.
That said, vendors have already fixed a huge percentage of the vulnerabilities hackers use to spread malware. If you simply keep your patches up to date, you won’t succumb to many of these forced or automated attacks, which could even help against ransomworms, assuming the network flaw they used was also patched.
Implement Killchain Defense – You won’t find one security technology that can protect you from 100 percent of ransomware by itself. However, there are many security controls that help protect you from various stages of a ransomware attack. For instance, Intrusion Prevention Systems (IPS) can prevent some of the exploits criminals use to spread ransomware. AntiVirus can catch some of the most common ransomware variants, and more modern advanced threat protection solutions can even identify and block new zero-day ransomware samples. However, none of these defenses are foolproof alone. The best way to protect your computer or organization is to combine all of them. Unified Threat Management (UTM) solutions often offer the easiest option for placing all these protections under one pane of glass
Retina-X Studios, the makers of several consumer-grade monitoring products, have finally announced that they have suffered a data breach. Retina-X and FlexiSpy, another spyware maker, were attacked by two hackers / hacker groups that revealed last week how they went about compromising the companies’ assets and made off with customer and other data. “A hacker known for SQL exploits of great magnitude was able to find a weakness in a decompiled and decrypted version of a now-discontinued product. The vulnerability hidden inside the coded software led to a breach of the database and the eventual exploit by unauthorized individuals,” the company noted. “According to the report, the attacker was able to break into a server that held database tables for Net Orbit, PhoneSheriff and TeenShield. The tables held information such as login usernames, subscription keys, device metadata, text messages, GPS locations, contacts’ information, apps installed and website logs. A third-party photo storage account was also breached. Only accounts created before February 21st, 2017 were affected.” They were quick to point out that no payment information was compromised, and they say that the attacker has not publicly released the stolen data – and he seemingly does not plan to. They are also trying to differentiate themselves from the other victim (FlexiSpy), by saying that their software can’t be used to monitor individuals that the monitorer has no legal right to keep under surveillance (e.g. their employees or their underage children), because this would violate their terms of service and the account would be terminated. “Our child and employee monitoring software shows up as an icon and in the Installed Apps list of devices.
There are also notifications to let the user of the device know that activities are being monitored,” the company noted, while failing to mention that these notifications can be turned off and the icon removed. They also did not mention how or how quickly they are able to discover that someone is using the software to perform illegitimate surveillance. For all we know, it could be weeks or months, but even days are too much for people who are spied on in this way.
The same group of hackers that intelligence officials believe swung the US election in favour of Donald Trump has also attacked Norwegian targets within the military and foreign service. Called “Fancy Bear,” computer security experts believe Russia is behind the hacking that’s aimed at political manipulation and destabilization of western democracies. Norway’s foreign ministry has been among the targets of hackers, also abroad. DN reported that the list of targets is long, including embassies and ministries in more than 40 countries, several NATO and EU institutions, political and military leaders, well-known journalists, activists and academics. Most haven’t been aware they were attacked when they clicked on links in email that seemed to come from people they knew. The attacks enabled the hackers to steal confidential information by penetrating email accounts and internal systems. The attacks in Norway only make up 2 percent of attacks on military and political institutions, DN reported, but local authorities are on high alert for more. The US’ FBI, CIA and NSA have all described the attacks as the largest Russian attempt to gain influence in the US ever. Russian authorities from President Vladimir Putin’s office on down have vigorously denied they’re behind the hacking. In addition to the attacks on foreign ministry and military interests, email accounts at Norway’s Greens Party (Miljøpartiet De Grønne, MDG) were hacked last June and the attacker gained access to the party’s membership register. A few weeks later, Norway’s Socialist Left party (SV) was also attacked, with the hackers gaining access to SV’s membership register as well. A false profile was established on the party’s internal debate forum. Both attacks remain under investigation, according to the Oslo Police District.
“It can seem that security is not good enough,” Grandhagen told DN, but it’s demanding and expensive for such organizations to fend off the hackers. Norwegian political parties aren’t required by law to test their data systems for possible penetration. “Information that should not or must never come out should never be sent via Hotmail or email that’s not classified,” Bernsen said.