ransomware

Latest

  • BeeBright via Getty Images

    'WannaCry' ransomware attack spreads worldwide (update)

    by Andrew Tarantola
    05.12.2017

    England's healthcare system came under a withering cyberattack Friday morning, with "at least 25" hospitals across the country falling prey to ransomware that locked doctors and employees out of critical systems and networks. It's now clear that this is not a (relatively) isolated attack but rather a single front in a massive digital assault. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.

  • MedicImage / Alamy

    NHS hospitals in England hit by a widespread cyberattack (updated)

    by Jamie Rigg
    05.12.2017

    Various NHS Trusts are currently battling with what appears to be a large-scale cyberattack affecting IT systems across the country. According to reports, hospitals and GP surgeries are falling victim to a widespread ransomware attack, causing them to shut down their computer networks. The East and North Hertfordshire NHS Trust was one of the first to acknowledge the problem and switch off its systems, warning locals that they will have trouble getting through on the phone and asking them not to visit accident and emergency unless absolutely necessary. Update: The attack has continued to spread and is now affecting systems around the world. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.

  • Getty Images/iStockphoto

    Gag ransomware forces you to play an anime shooter game

    by Mariella Moon
    04.08.2017

    A typical ransomware takes your files hostage in exchange for money, but "Rensenware" asks for something else. It forces you to play an anime-type shooter game called Touhou Seirensen (Undefined Fantastic Object) and score 0.2 billion points in Lunatic mode. Based on what we've seen of the gameplay, some of you might wish your computers were infected with ransomware that asks for a reasonable amount of cash instead. Rensenware, which was first spotted by the Malware Hunter Team, was created as a joke.

  • Illustration by D. Thomas Magee

    When the 'S' in HTTPS also stands for shady

    by Violet Blue
    03.31.2017

    Just when we'd learned the importance of HTTPS in address bars, spammers and malicious hackers have figured out how to game the system. Let's Encrypt is an automated service that lets people turn their old unencrypted URLs into safely encrypted HTTPS addresses with a type of file called a certificate. It's terrific, especially because certificates are expensive (overpriced, actually) and many people can't afford them. So it's easy to argue that the Let's Encrypt service has done more than we may ever realize to strengthen the security of the internet and users everywhere.

  • Bodhichita via Getty Images

    Ransomware hits Pennsylvania's Democratic state senators

    by Andrew Dalton
    03.04.2017

    Democrats in Pennsylvania's state Senate were locked out of their computer network early Friday morning due to a ransomware attack, NBC News reports. According to an unidentified state official who spoke with NBC, the Democratic senators in Harrisburg use their own computer network and "there is no indication that other state agencies of the Republicans have been affected." As of about 5 p.m. Friday, both law enforcement agencies and Microsoft were working with the state Democrats to free their network. In a statement sent to reporters via text message and obtained by The Hill, state party officials said, "there is currently no indication that the caucus system was targeted or that any data has been compromised."

  • Justin Sullivan/Getty Images

    San Francisco MUNI hacker was hacked

    by Daniel Cooper
    11.29.2016

    Over the weekend, San Francisco's transit system was hacked by an individual (or group) going by the name Andy Saolis. The attack forced the city to offer Muni rides for free while its staff raced to rectify the breach on its servers. But while Saolis was threatening to expose gigabytes of data if his ransom wasn't paid, they were the subject of a hack themselves. An anonymous individual contacted Krebs on Security, claiming to have breached Saolis' email and found out a few clues as to their identity.

  • Smith Collection/Gado/Getty Images

    San Francisco transit hackers threaten to expose data

    by Jon Fingas
    11.28.2016

    Looks like San Francisco refused to give in to transit system hackers trying to hold the city for ransom. In a conversation with Motherboard, the attackers (still going by "Andy Saolis") have threatened to expose 30GB of Muni databases and documents unless they receive the $73,000 in bitcoin that they demanded alongside the initial hack. They're trying to claim the moral high ground, too. Purportedly, the hack was a "proof of concept" meant to show that the San Francisco Metropolitan Transportation Authority doesn't "pay attention to your safety." This forces SFMTA to "do right job," the perpetrators claim in broken English.

  • George Rose/Getty Images

    San Francisco transit stations fall victim to a hack

    by Jon Fingas
    11.27.2016

    San Franciscans just got an all-too-real demonstration of what it's like when hackers attack urban infrastructure. The city's Municipal Transportation Agency has confirmed that the Muni station computer system was hacked, leading officials to open fare gates, shut down ticket kiosks and otherwise make rides free on November 26th. Trains themselves were unaffected, and payments resumed on the morning of the 27th. It's not certain exactly who was responsible (besides "Andy Saolis," likely a pseudonym), but Hoodline understands that the intruders were using ransomware to hold the city hostage until it paid the equivalent of $73,000 in bitcoin. Screens at terminals said "you hacked, ALL data encrypted" and pointed the city to a Russian email address to arrange payment.

  • Reuters/Rick Wilking

    Malware uses Facebook and LinkedIn images to hijack your PC (updated)

    by Jon Fingas
    11.27.2016

    Malware doesn't always have to attack your computer through browser- or OS-based exploits. Sometimes, it's the social networks themselves that can be the problem. Researchers at Check Point have discovered that a variant of known ransomware, Locky, is taking advantage of flaws in the way Facebook and LinkedIn (among others) handle images in its bid to infect your PC. The trick forces your browser to download a maliciously coded image file that hijacks your system the moment you open it. If you do, your files are encrypted until you pay up.

  • Getty Images

    Customer service matters when it comes to ransomware

    by Violet Blue
    09.09.2016

    This week we're finding out that Cerber is 2016's biggest name in ransomware. Cerber didn't get to the top just by being good at infecting computers, locking up people's files and blackmailing its victims for Bitcoin. The plucky ransomware is on the fast track to fame and fortune thanks to a hard-won reputation for top-notch customer service that wows its victims at every turn. At least that was the conclusion in security company F-Secure's summer report, Evaluating the Customer Journey of Crypto-Ransomware.

  • 'No More Ransom' helps you fight ransomware without paying

    by Sean Buckley
    07.25.2016

    Ransomware is one of the most chilling types of malware floating around the internet: an attack that locks a user's files hostage behind an encrypted paywall. Universities, hospitals and even seats of government have fallen victim to these kinds of attacks, paying thousands of dollars in ransom to cyber-criminals in hopes of recovering precious data. Now, authorities and IT companies are fighting back. Intel Security, Interpol, the Dutch police and Kaspersky Lab have teamed up to create No More Ransom, a web portal with tools that help users remove ransomware without paying off their attackers.

  • Watch out for fraudulent 'Pokémon Go' apps

    by Sean Buckley
    07.15.2016

    It's official: Pokémon Go has become a major phenomenon. It's getting people interested in augmented reality, inspiring filmmakers and even helping players cope with anxiety. Unfortunately, it's also creating targets for malware developers. According to the antivirus folks at ESET, at least three fake Pokémon Go apps have been spotted on the Google Play store since the game launched. One of them has the unsettling distinction of being the first malicious, fraudulent screen-locking app to surface on Google Play.

  • University of Calgary

    University of Calgary hands over $16,000 in ransomware attack

    by Andrew Dalton
    06.08.2016

    The University of Calgary has become the latest victim in a recent string of ransomware attacks. According to a statement released Wednesday morning, University computer systems were affected for 10 days while the IT team worked to remedy the issue. Ultimately, the University paid around $16,000 ($20,000 Canadian) to recover its data, with no guarantee that it was even possible to restore it.

  • Getty

    Makers of uncrackable ransomware hand over the key

    by Daniel Cooper
    05.19.2016

    The creators of a virus that forces users to pay to recover their own files seem to have turned over a new leaf. Security researchers at ESET are reporting that TeslaCrypt's developers posted the master encryption key, enabling ESET to develop a free fix. According to the firm, the creators of the virus were "wrapping up" their activities, and when a researcher asked for the master key, it was simply handed over. ESET has subsequently been able to produce a decryption tool (available here) that'll enable anyone affected to get their files back.

  • Congressional IT desk warns representatives of ransomware threats

    by Andrew Dalton
    05.10.2016

    The technology service desk at the House of Representatives has sent out an email warning your state representatives to be careful which links they follow from their email inboxes. According to the email, which was forwarded to TechCrunch today, there has been an uptick in the number of ransomware attacks on the House network and the congressional IT folks will start banning access to YahooMail.

  • Patrick T. Fallon/Bloomberg via Getty Images

    Ancient apps leave 3.2 million PCs open to ransomware attacks

    by Jon Fingas
    04.16.2016

    Criminals are relying on some particularly insidious ways to spread ransomware. Cisco's Talos group has discovered that intruders are taking advantage of vulnerabilities in old versions of Follett library management software (specifically, the associated JBoss web servers) to install backdoors and slip in ransom code. The attack has 'only' put 2,100 backdoors in place, but about 3.2 million systems are known to be at risk -- many of them at grade schools. Suffice it to say that many educators don't want to pay a hefty sum just to regain access to their library data.

  • A dangerous piece of PC ransomware is now impossible to crack

    by Steve Dent
    03.17.2016

    What do developers do after discovering a software vulnerability? Why, patch it, of course. Ironically, criminals have learned that lesson too, as one gang has updated the notorious TeslaCrypt ransomware with new features that are impossible to crack, according to Cisco's Talos security arm. That means users infected with the latest version (3.01) of the malware can no longer use white hat-engineered software to get their files back. Until someone finds a new solution -- and that seems unlikely -- victims will have to pay.

  • AP Photo/Eric Risberg

    First known Mac ransomware reaches the wild

    by Jon Fingas
    03.06.2016

    While ransomware has sadly been a reality on smartphones and Windows PCs for a while, you haven't really had to worry about it on a Mac... until now, that is. Palo Alto Networks claims to have discovered the first known instance of OS X-oriented ransomware in the wild, "KeRanger." If you install software infected with the code (in this case, a version of the BitTorrent client Transmission), it'll encrypt your files after three days and demand that you pay a digital currency ransom to regain control.

  • Susan Goldman/Bloomberg via Getty Images

    Hospital paid hackers 40 bitcoins to get its network back

    by Richard Lawler
    02.17.2016

    After more than a week of computer problems for Hollywood Presbyterian Memorial Medical Center, President & CEO Allen Stefanek announced (PDF) that it has decided to pay 40 bitcoins, or about $17,000, to fix the issue. The hospital's network was struck by ransomware on February 5th, and Stefanek's letter explained that the one his organization got hit by encrypted files and demanded money for an encryption key. Previous reports put the price tag for access at $3.6 million, but the executive claims that is false, and the hospital chose the "quickest and most efficient way to restore our systems and administrative functions."

  • Hackers hold Hollywood hospital's systems for ransom

    by Billy Steele
    02.15.2016

    A Hollywood hospital is having to rely on pencil and paper after a ransomware attack. For more than a week, the computer systems at Hollywood Presbyterian Memorial Medical Center have been down at the hands of hackers. In addition to having to keep registration and logs on paper, staff is without email access and unable to use some patient records. Patients have been transported to other facilities as the computers needed to complete lab work, pharmacy tasks and CT scans are all unavailable.