01.01.2021

Thread: Police dept. pays a ransom after computer systems infected by ransomware

  1. #1
    Non Ignorants check two

    Police dept. pays a ransom after computer systems infected by ransomware

    It's a chilling moment: A message appears on a computer screen, saying the files are encrypted and the only way to access them is by paying a ransom.

    It happened at Jeff Salter's home health care business last December. The network of nearly 30 computers at Caring Senior Service was infected with ransomware, malicious software that hackers use to try to extort money from people and businesses by preventing them from opening or using documents, pictures, spreadsheets and other files. If computer users don't pay, there's no way they can access their files.

    Ransomware is one of the fastest-growing forms of hacking, cybersecurity experts say. Anyone from a home computer user to a Fortune 500 company can be infected. It can also attack smartphones. The smaller the users, the more vulnerable they are to losing their files — unless they have a secure backup for their system or go through the complicated process of paying cybercriminals.

    Salter thought he was prepared for such an invasion. Most of his files were backed up in a place hackers couldn't access, and he was able to restore his information. But one machine wasn't; it contained marketing materials for his San Antonio-based franchise chain with 55 locations. Salter paid a $500 ransom.

    "It would have cost us $50,000 to try to spend the time to recreate the stuff," Salter says. "It would have been pretty devastating if we'd lost all that."

    EVERYONE'S AT RISK

    Like many hackers' tools, ransomware can arrive in emails with links or attachments that, when clicked on, unleash software into files. Attacks can also occur when users visit websites; cybercriminals can attach computer code even to well-known sites operated by tech-savvy companies, says technology consultant Greg Miller of CMIT Solutions of Goshen, New York.

    Anyone can be hit: individuals, big and small companies, even government agencies. The Durham, New Hampshire, police department was attacked by ransomware in June when an employee clicked on a legitimate-looking email. The department's 20 computers were cleared of the ransomware and files were restored from a backup system. The Swansea, Massachusetts, police department, meanwhile, had to pay a $750 ransom after it was attacked.

    "We certainly are seeing ransomware as a common threat out there," says FBI Special Agent Thomas Grasso, who is part of the government's efforts to fight malicious software including ransomware.

    Attacks are generally random, but specific companies and people can be targeted. Many small businesses and individuals are at risk because they lack technology teams and sophisticated software to protect them from hackers, says Keith Jarvis, a vice president at Dell SecureWorks, a security arm of the computer maker. Many don't have secure backup systems that will allow them to retrieve uninfected files.

    Hackers can invade computers at large companies, as seen in attacks at companies like retailer Target Corp. that stole customer information. Big companies' risks from ransomware are relatively low; they have backups and separate computers for departments like sales or accounting, Jarvis says. An email click in one department could infect one or more computers, but likely wouldn't spread elsewhere.

    Cyber criminals are starting to target small businesses more than in the past because they're vulnerable, says Liam O'Murchu, a security executive at antivirus software maker Symantec Corp. Symantec and other companies involved in cybersecurity work with the government to try to identify hackers.

    One way hackers fool small businesses is by attaching realistic-looking invoices to emails, O'Murchu says.

    It's not known who the hackers are, he says. A version of ransomware called Cryptolocker was shut down in 2014. None of the hackers or groups of hackers have been caught.

    ATTACKED AND NO BACKUP

    A computer user gets a message saying files have been encrypted and is given instructions to pay a ransom, often between $500 and $700. Ransoms must be paid in bitcoins, an online currency.

    If files are backed up securely, users can remove infected files and software from a computer and reset it to what's called factory condition. Files from the backup sites are then restored to the computer.

    Freelance writer Sandra Gordon paid $637 when her computer was infected in January. Gordon, who faced losing files going back 16 years, decided to pay after technicians said there was nothing they could do. She didn't have a secure backup.

    Typically, when the ransom's paid, hackers email a computer code to the user so the files can be released. But Gordon, based in Weston, Connecticut, didn't get her code for five days, and had to plead with the hackers via email to send it to her.

    "It was very lonely and scary and hard to imagine even going forward as a business," she says.


  2. #2
    Non Ignorants check two

    ---- Ransomware strain breaks, victims avoid payment


    A new strain of ransomware has been broken, allowing for victims to circumvent payment and access their locked data.

    The Scraper ransomware, originally known as Torlocker, was discovered in October last year and granted the name Trojan-Ransom.Win32.Scrape. The ransomware encrypts a victim's files -- including documents, video, images and database copies -- and demands a ransom of at least $300 to unlock and decrypt documents.

    However, due to errors in encryption algorithms, in 70 percent of cases files can be unlocked without submitting to the attacker's demands.

    In a blog post, Kaspersky Labs analyzes the ransomware strain in detail, and within the security company's findings is the fact that in most cases, victims can get their data back without giving in to demands for money.

    First appearing in an attack against Japanese users last year, the crypto-ransomware samples obtained by Kaspersky come in both Japanese and English versions. The Trojan uses the Tor network and a proxy server to contact its owners after landing on victim computer systems via the Andromeda botnet.

    After demanding upwards of $300, if the malware is detected and deleted by an antivirus program -- after files are encrypted -- the Trojan installs the following wallpaper on the user's desktop with a link to its executable file.



    Victims can re-download the malicious code and notify its operators that the ransom has been paid through a dedicated TorLocker window. The data is then sent through to a command and control (C&C) server which will respond with a private RSA key if money has changed hands. The ransomware supports payments made in Bitcoin, UKash and PaySafeCard.

    Victims are pressured to pay up through a timer system which threatens to delete the key necessary to decrypt files.

    Scraper encrypts files through both AES-256 and RSA-2048 protocols. However, a fundamental flaw in the ransomware creator's implementation of cryptographic algorithms means files can be decrypted without payment, according to the security team. In over 70 percent of cases, Kaspersky Labs' ScraperDecryptor utility can be used to clean systems of the malicious code and more likely than not restore a device's original files.

    Unfortunately, ransomware has become a popular way to extract money from victims who inadvertently download the malware. The fear factor stems from ransomware often masquerading as law enforcement and alleging that the victim has been viewing illegal material or similar, and a time reference can cause panic which will in turn pressure a victim to pay up rather than lose their files.

    In March, a new variant of the Cryptolocker ransomware which targets gamers. Dubbed TeslaCrypt, the malware strain impacts data files for games distributed on compromised websites, and uses the Angler exploit kit to lock systems and demand payment.

    http://www.zdnet.com/article/ransomw...avoid-payment/