ransomware
Latest
Dentist offices across the US hit with ransomware
Hundreds of dentist offices around the United States were hit with ransomware this week according to multiple reports from ZDNet, CNN and security researcher Brian Krebs. The incidents are the result of an apparent vulnerability in software provided by The Digital Dental Record and PerCSoft, two Wisconsin-based companies that offer medical record retention and backup services to dental practices.
AJ Dellinger, 08.29.2019
US officials brace for ransomware attacks against election systems
It's no secret that many American officials are worried about hacks targeting the 2020 election, but there's one fear this time around that wasn't present in 2016: ransomware. Reuters has learned that Homeland Security's Cybersecurity Infrastructure Security Agency (CISA) is worried election databases could be targeted by the same kind of ransomware attacks that have plagued cities like Atlanta and Baltimore. Accordingly, it's teaming with election officials and relevant companies to both safeguard their databases and prepare responses for possible attacks.
Jon Fingas, 08.26.2019
Ransomware attack in Texas targets local government agencies
Ransomware attacks against local governments are still a clear problem, and Texas is discovering this first hand. The state has revealed that 23 government entities reported a ransomware attack on the morning of August 16th. Most of these were "smaller local governments," the Department of Information Resources said, and State of Texas networks and systems weren't hit.
Jon Fingas, 08.18.2019
Even DSLR cameras are vulnerable to ransomware
Cameras are among the few devices that don't connect to the internet, so you'd think they'd be immune to hackers. However, researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks, of all things. Once in range of your camera's WiFi, a bad actor could easily install malware that would encrypt your valuable photos unless you paid for a key.
Steve Dent, 08.12.2019
Local governments are still woefully unprepared to fight ransomware
Our state and local governments found themselves under siege in 2019 from William Plunketts for the internet age. But rather than pistols and roadblocks, this new generation of bandits comes armed with encryption algorithms and demands for bitcoin. Can today's American cities and counties, long hamstrung by both a lack of interest and funding for cybersecurity efforts, ever hope to withstand these digital muggings? Just ask Lake City, Florida.
Andrew Tarantola, 07.26.2019
US Treasury has 'serious concerns' Libra could be used for terrorism
The US government views cryptocurrencies, including Facebook-backed Libra, as a national security issue. In a press conference today, Treasury Secretary Steven Mnuchin said the Treasury Department has "very serious concerns" that Libra could be misused by money launderers, terrorist financiers and other bad players. While the concerns are not entirely surprising, they do make the US government's stance on cryptocurrency more than clear.
Christine Fisher, 07.15.2019
Baltimore ransomware attack will cost the city over $18 million
Fresh off dealing with chaos caused by last month's ransomware attack, the city of Baltimore has a new problem to deal with -- the $18 million in damages that came with it.
Georgina Torbet, 06.06.2019
Ransomware attacks in US cities are using a stolen NSA tool
The ransomware attacks in Baltimore and other US cities appear to have a common thread: they're using NSA tools on the agency's home soil. In-the-know security experts talking to the New York Times said the malware in the cyberattacks is using the NSA's stolen EternalBlue as a "key component," much like WannaCry and NotPetya. While the full list of affected cities isn't available, San Antonio and the Pennsylvania city of Allentown have reportedly been victims of EternalBlue-based campaigns.
Jon Fingas, 05.25.2019
Old versions of Windows get a new patch to stop WannaCry-style attacks
Microsoft is trying to head off another WannaCry-style malware outbreak before it starts. The software giant has released fixes for a Remote Desktop Services (aka Terminal Services) vulnerability that could allow "wormable" malware that spreads from computer to computer without requiring any user input. The exploit affects Windows 7, Windows Server 2008 R2 and older releases. Not surprisingly, Microsoft isn't taking any chances. While it's no longer officially supporting Windows XP and Windows Server 2003, it's patching both platforms to prevent ancient PCs (like those used in some business and government scenarios) from falling prey to attacks.
Jon Fingas, 05.14.2019
A ransomware attack is holding Baltimore's networks hostage
A ransomware attack brought Baltimore city government's computers to a halt yesterday. The hackers are reportedly holding the city's files hostage, demanding up to 13 Bitcoins (about $76,280) to free the city's systems. As of this afternoon, the city has quarantined the ransomware, the Baltimore Sun reports. But, in a press conference, the city said it is not sure when all of the systems will be functioning again.
Christine Fisher, 05.08.2019
Ransomware interrupted a 'The Weather Channel' morning show
On Thursday morning, from 6AM to 7:39AM, viewers weren't able to learn any useful weather information from The Weather Channel. The TV network had to show a taped program instead of airing its morning show AMHQ, because it suffered a security breach that took it off air. In a Twitter post, the company explained that it experienced issues due to a "malicious software attack" and that it was only able to restore live broadcast through backup mechanisms.
Mariella Moon, 04.18.2019
Ryuk ransomware banks $3.7 million in five months
The Ryuk ransomware hasn't just been causing grief for newspapers -- it's also quite lucrative for its operators. Researchers at CrowdStrike and FireEye both estimate that the code has produced the equivalent of $3.7 million in bitcoin since August, spread across 52 payments. The key, analysts note, is the willingness to be patient and focus on big targets.
Jon Fingas, 01.14.2019
Malware stalls delivery of LA Times and other major US newspapers
If you still look forward to reading a physical newspaper now and then, you might have been in for a rude surprise this weekend. An unspecified malware strain has attacked Tribune Publishing's network, delaying the release of Saturday editions of at least some of its papers (including the LA Times, San Diego Union Tribune and South Florida Sun Sentinel) as well as West Coast versions of the New York Times and Wall Street Journal, both of which are printed at the LA Times' Los Angeles plant. It was particularly severe for San Diego residents -- between 85 and 90 percent of Saturday papers didn't reach customers.
Jon Fingas, 12.30.2018
US charges Iranian hackers over $30 million ransomware spree
The US is attempting to hold the creators of the infamous SamSam ransomware to account. A federal grand jury has revealed indictments against two Iranian men, Mohammad Mansouri and Faramarz Savandi, for allegedly authoring and wielding SamSam to extort money from a wide range of North American targets, including multiple hospitals, health care companies, state agencies and the city of Atlanta. They've successfully collected $6 million in ransoms so far, according to the Justice Department, and have created over $30 million in losses.
Jon Fingas, 11.28.2018
Kelihos botnet operator pleads guilty to hacking and fraud charges
The Kelihos botnet story appears to be winding to a close. Russian Peter Levashov has pleaded guilty to charges relating to his operation of the botnet, including intentional damage to a computer, wire fraud, conspiracy and identity theft. He reportedly used Kelihos to spread spam email, collect login details, install ransomware and otherwise attack users' computers, including selling access to the botnet.
Jon Fingas, 09.13.2018
A single ransomware creator made almost $6 million
The SamSam ransomware, which throttled the city government of Atlanta earlier this year, netted its creators more than $5.9 million in ransom payments, according to a comprehensive report by UK cybersecurity firm Sophos. The report, which details SamSam's activity since its launch in 2015, also reveals that a lone black hat hacker could've raked in the entire haul by themselves.
Rachel England, 08.01.2018
Atlanta ransomware attack may cost another $9.5 million to fix
The effects of the "SamSam" ransomware attack against Atlanta's government were much worse than it seemed at first glance. To start, city Information Management head Daphney Rackley revealed at a meeting that more than a third of Atlanta's 424 necessary programs were knocked offline or partly disabled, and close to 30 percent of those affected apps were "mission critical" -- that is, vital elements like the court system and police. The government initially reckoned that essential programs were safe.
Jon Fingas, 06.06.2018
Atlanta spends more than $2 million to recover from ransomware attack
Last month, Atlanta's city government was hit with a ransomware attack that caused courthouse documents and services like payment processing to become inaccessible. The ransom demand was approximately $51,000 but according to the city's Department of Procurement, Atlanta has spent much more than that on efforts to rectify the situation. It appears that firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services while Edelman was paid $50,000 for crisis communication services. Overall, the funds seemingly applied to the ransomware attack response add up to approximately $2.7 million.
Mallory Locklear, 04.23.2018
Boeing: Reports of WannaCry outbreak 'overstated and inaccurate'
This afternoon a report by the Seattle Times cited internal messages showing that aircraft builder Boeing had been hit by the WannaCry ransomware and there were fears it could affect production. Boeing VP Linda Mills tells Engadget in a statement that its network security "detected a limited intrusion of malware that affected a small number of systems," and it shouldn't affect deliveries. Issues with ransomware have not tailed off since last year's worldwide outbreak of WannaCry/NotPetya, and the city of Atlanta's government is still recovering after "SamSam" ransomware locked down some systems last week. Even if this occurrence is as controllable as Boeing believes, it's surely not the last time we'll hear about a large organization suddenly locked out of its own computers.
Richard Lawler, 03.28.2018
Atlanta government computers hit by ransomware
The last victim affected by ransomware is the city government of Atlanta, GA. The ninth-largest metro area in the US isn't able to do things like process payments or provide access to courthouse information because some systems are locked down. During a press conference, mayor Keisha Bottoms and newly-appointed COO Richard Cox said that they're working with the FBI, DHS, Microsoft and Cisco to find out what data has potentially been compromised. The local NBC affiliate reports a ransom note included with the SamSam ransomware is demanding about $51,000 in bitcoin to restore the systems. If it is SamSam, it's part of a family of malware that has been active against many government and healthcare systems since late 2015. In January, Talos noted that its makers had already netted over $325,000 in ransom sent to one bitcoin wallet. This particular attack isn't spreading on the level of 2017's NotPetya/WannaCry, but its apparent ability to target critical systems where the owners are likely to pay makes it even more troublesome, spreading first through vulnerable servers and then onto Windows desktops. The Atlanta government said it will be open for business in the morning, and that infrastructure like public safety, water and the airport are unaffected.
Richard Lawler, 03.23.2018