On Friday, a massive cyber attack hit several nations in Europe and Asia, and disrupted the computer systems at multiple British hospitals. Patients were turned away as hospital staff couldn’t access the computers, and appointments had to be cancelled. The BBC reports that as many as 74 countries were affected, and security researchers believe all of the incidents are related.

The British public health system, National Health Service, advised people to only seek medical help at hospitals if it was an emergency. Ambulances were redirected to other hospitals. The screens on the hacked hospitals’ computers showed a message from the hackers each demanding $300 in Bitcoins within three days to unlock the information.

BREAKING: Multiple NHS trusts across UK under malware attack. Actual screenshot of the threat ppl are seeing: https://t.co/ZBm6a7ImwQ pic.twitter.com/7NVy8xvfyD

— Shaun Lintern (@ShaunLintern) May 12, 2017

The technique behind the attack is so-called “ransomware,” which basically is a type of software that infects a digital machine and locks its functions until a ransom has been paid. The name of this particular malware is “Wanna Cry,” also known as “Wanna Decryptor.”

36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading. This is huge. pic.twitter.com/EaZcaxPta4

— Jakub Kroustek (@JakubKroustek) May 12, 2017

Several experts believe the cyber attack is linked to a hacker group called The Shadow Brokers–the same group that claimed in April that it had stolen and released malware created by the National Security Agency, NSA. It was not exactly clear what the groups’ motive was–it said it wanted to protest President Donald Trump, but also that it opposed the removal of Steve Bannon from the National Security Council.

The hackers also claimed they are “not fans of Russia or Putin,” but security experts said they could possibly be associated with the Russian government. One chief executive of a cyber-security firm, Jake Williams, said, “Russia is quickly responding to the missile attacks on Syria with the release of the dump file password that was previously withheld.”

Could we be seeing the largest cyber attack in history? Organisations in 74 countries now hit including FedEx and NHS #ransomware #WannaCry

— Lisa Forte (@lisaoncyber) May 12, 2017

Other companies that were affected include Spanish electric company Iberdrola, utility provider Gas Natural, University of Milano-Bicocca in Italy, Portuguese telecommunications provider Portugal Telecom, and FedEx. The largest telecommunications company, Telefonica, was also hit, but the attack reportedly didn’t affect any customers. It seemed to be a new kind of ransomware, and it spread fast. Some said it seemed to be a worm–a malware program that spreads by between computers, like a virus.

In Britain, the NHS is facing criticism for not doing enough to protect its computer systems against attacks like these. The hacker group became known two months ago, and Microsoft released a program that could protect against its malware. But not all NHS computers installed it. Ross Anderson from Cambridge University is one of the critics. “If large numbers of NHS organizations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” he said.

Emma Von Zeipel

Emma Von Zeipel is a staff writer at Law Street Media. She is originally from one of the islands of Stockholm, Sweden. After working for Democratic Voice of Burma in Thailand, she ended up in New York City. She has a BA in journalism from Stockholm University and is passionate about human rights, good books, horses, and European chocolate. Contact Emma at EVonZeipel@LawStreetMedia.com.

The post Global Cyber Attack Put British Hospitals Out of Commission appeared first on Law Street.

A hospital in Los Angeles, the Hollywood Presbyterian Medical Center, recently agreed to pay a ransom of $17,000. But the ransom wasn’t paid to free some worker held hostage or to prevent the release of a catastrophic pathogen. Instead it was handed over to hackers for the safe return of its patients’ medical files. Hackers managed to penetrate the hospital’s computers and encrypt its files, and demanded a large sum to be paid in the form of Bitcoins. While this scenario sounds far-fetched, this type of crime is actually on the rise. Read on to find out more about ransomware, bitcoins, why these types of attacks are increasing, and what can be done to stop them.

What is Ransomware?

Ransomware is a type of malware employed by hackers to stop users from accessing their own information or data.  It does this in one of two ways. Either a screen is locked and instructions are provided for unlocking it, or important information is encrypted and a password or key known only to the hackers is required to reopen the essential information. While the exact date of ransomware’s origin is non-definite, it appears to have started in Russia sometime around 2006, spreading globally by 2012.

By 2013, ransomware hackers were using encryption through something known as CryptoLocker. Before encryption, ransomware typically blocked people from using their computers or tricked users into paying to regain access to their computers. An example of this is Reveton, which shows notifications claiming to be from a law enforcement agency, informing the user that a crime has been committed and a fine must be paid. But such malware could be uninstalled or removed with an antivirus program, though even that can be particularly difficult. When encryption came on the scene, hackers began encrypting files, making it impossible for users to access their own information without an encryption key. Even if the ransomware is removed, the files remain encrypted. This key element of ransomware is what makes it both very dangerous and lucrative, as it can be removed yet continue to do damage.

In 2014, ransomware hackers also began using the Tor network to remain anonymous. Tor is a unique network that does not directly plug into the internet, connecting through a series of servers instead. Hackers began using this network to communicate with command and control servers that store the encryption key, which can be sent to an infected computer after a ransom is paid. Doing so makes it nearly impossible to track an attack to an individual because their identity is concealed throughout the process.

The accompanying video gives a quick look at what ransomware is:

Payment

Paying the ransom part of ransomware is also an increasingly complex process. In the case of ransomware like Reveton, hackers often request payment through several services that are difficult to trace such as UKash, PaySafeCard, and MoneyPak. But a growing trend among these hackers has been to request the money in Bitcoins, which is how the hospital in Los Angeles paid its ransom. Bitcoin is a type of cryptocurrency that exist entirely online with no physical presence. Bitcoins are not controlled by a central bank and are based on mathematics, making it completely decentralized and not tied to the value of a commodity like gold or silver. Bitcoin is particularly attractive to hackers because of the anonymity it provides.

Growing Popularity of Ransomware

The threat of ransomware is also on the rise. As of January 2013, there had been 100,000 such attacks but by the end of that year alone that number rose to nearly 600,000, according to Antivirus software company Symantec. Symantec also looked at data from command and control servers used by ransomware hackers to estimate how profitable these scams really are. According to its calculations, hackers can earn around $33,600 per day, amounting to as much as $394,000 in a month. Two primary questions remain: how do hackers select targets and why are attacks increasing?

To answer the first question, targets so far have generally been chosen at random, although future hackers could research a target beforehand to find the most lucrative one. While targets are generally chosen at random, many victims have been infiltrated by viruses or spyware before, suggesting that certain victims may be chosen simply because their systems are easy to penetrate. Traditionally, these random targets were individuals who paid small sums, but recently, the size of the target and the requested ransoms have increased. Conventional wisdom on the use of ransomware is also changing as the payment for these random attacks has shifted more and more to Bitcoins.

Bitcoins help answer the second question–why are ransomware attacks on the rise? While Bitcoin is completely transparent when it comes to transactions, it is often very difficult to trace a Bitcoin address back to an individual, making it easy for hackers to remain anonymous. The rise of Bitcoin has given hackers a reliable and anonymous method to receive ransom payments, which likely contributes to the rise in ransomware attacks.

The video below comments on the attack in LA and the rise of such attacks:

Stopping Ransomware

So with ransomware attacks increasing, how can people avoid falling victim?  There are several steps any user can take to eliminate or, at least, mitigate their exposure to dangerous ransomware. First is to use a reputable anti-virus software to help prevent and remove malicious programs. But reputation is important, as there are many fake options that may actually give your computer a virus. Similarly, it is important to make sure your computer’s existing firewall is strong and activated.

Even with anti-virus software in place and a strong firewall, it is still paramount to be cautious. Using a pop-up blocker and being careful when opening email attachments is also an important way to avoid exposure. It is additionally important to back up files and information regularly. If you have a backup of your files in the cloud or on an external hard drive, you will still have access to your information even after it is encrypted by ransomware.

In the event of a ransomware attack, it is also important to get the authorities involved, including the FBI, as ransomware is generally beyond the scope of local police departments. In fact, the police themselves are not immune to attacks either, as police departments in both the Boston area and in Maine fell victim and paid subsequent ransoms.

So far, the FBI has actually had some success fighting ransomware.  In 2013, for example, it stopped the software platform Citadel, which was behind the Reveton-style ransomware attacks. In 2014, the FBI also disrupted a major botnet–a network of computers used to infect computers with malware– and seized control of the servers behind CryptoLocker. While the FBI has had some success fighting these hackers, in certain cases the bureau says the best way to fight ransomware is to actually pay the ransom. While this goes against the conventional wisdom of not giving into criminals’ demands, the encryption used is often nearly impossible to crack and the requested ransoms may be relatively small. Put simply, for some people its often easier to just pay up.

Conclusion

Not only is ransomware on the rise, it is becoming much harder to combat and hackers are moving to even more lucrative targets. While it is bad enough that individuals often have to deal with ransomware, hackers are now starting to go after essential institutions such as police departments and hospitals. While targets take on an ever-growing importance, the reality is that ransomware is not going away anytime soon. In many respects, ransomware is not that different from other types of malware, with the exception that it offers to restore the user’s capabilities for the right price. As is the case with other malware, ransomware shows no signs of fading. Its methods are becoming more effective and recovering payments is easier than it has ever been.

Unfortunately, potential targets and those already affected have little recourse in this battle. While the FBI has made some progress, even it suggests that paying up for relatively small amounts may be victims’ best option. An important question going forward is how to respond if hackers increasingly target important institutions. And as the profiles of these targets increase, will the ransoms increase as well?

Resources

Symantec: Ransomware: A Growing Menace

Tech Times: LA Hospital Hit By Ransomware Pays Hackers $17,000: Is It The Right Choice

Trend Micro: Ransomware

Tor Project: Tor Overview

Coin Desk: What is a Bitcoin?

Phys.org: Why Ransomware is on the rise

Norton: Beware the Rise of Ransomware

Federal Bureau of Investigations: Ransomware on the Rise

The Security Ledger: FBI’s Advice on Ransomware? Just Pay The Ransom

Michael Sliwinski

Michael Sliwinski (@MoneyMike4289) is a 2011 graduate of Ohio University in Athens with a Bachelor’s in History, as well as a 2014 graduate of the University of Georgia with a Master’s in International Policy. In his free time he enjoys writing, reading, and outdoor activites, particularly basketball. Contact Michael at staff@LawStreetMedia.com.

The post Ransomware: Holding Our Digital Lives Hostage? appeared first on Law Street.

Security breaches among major companies such as Target, eBay, and Neiman Marcus dominated news headlines this past year and led many to wonder about the safety of the information stored with organizations throughout the United States. The statistics from the May 2014 US State of Cybercrime Survey are far from reassuring.

The survey, a combined effort of PwC, CSO magazine, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, and the US Secret Service, states that the number of cybercrime incidents and the fiscal losses they incur are rapidly rising. The findings reveal that this is mainly because the companies could not adequately defend themselves from cyber-attacks. According to the 2014 survey, the top five methods for cyber-attacks involve malware, phishing (the attempt to acquire sensitive information such as usernames or passwords), network interruption, spyware, and denial-of-services attacks.

The report covered information from 500 different corporations and government agencies, including law enforcement, and stated that “three out of four had had some kind of security breach just in the last year, and the average number of incidents per organization was 135.”

Fourteen percent of those surveyed reported that monetary losses attributed to cybercrime have increased in the past year. The actual costs are generally not known, as the majority of those who reported a cyber attack were unable to estimate the associated financial costs. Of the few survey respondents that could, the average yearly loss was around $415,000. Businesses are beginning to feel that cyber security is an issue that is out of their control and that cyber attacks are costing them an increasing amount of money.

 Why the Rising Rate?

One of the major problems associated with the rising rate of cybercrime is that few companies, only 38% according to the survey, are adequately prepared to combat cybercrime. These rising rates are not simply due to inadequate defenses, but also increasingly sophisticated techniques used by cyber criminals. According to an article on Time.com, the most pertinent threats to cyber security in the United States come from Syria, Iran, China and Russia.

There are two kinds of big companies in the United States: those who’ve been hacked by the Chinese and those who don’t yet know that they’ve been hacked by the Chinese.

-FBI Director James Comey

The 2014 report lists major reasons why these attacks are on the rise. It claims that a few reasons are that most organizations do not spend enough on cybersecurity and do not properly understand cyber security risks. According to the survey, there is also a lack of collaboration among companies that have experienced a breach or other form of cyber attack, specifically that “82% of companies with strong protection against cybercrime collaborate with others to strengthen their defenses.” Other pertinent issues leading to increased cybercrime are insufficient security of mobile devices and lack of proper evaluation of attacks within organizations.

What can be Done to Lower the Rate of Cyber Attacks?

According to the 2014 survey, one major way for corporations and agencies to prevent cybercrime is through company-wide employee training which has been shown to be effective but is no currently used frequently enough. According to an article on CSO’s website, many organizations aren’t running information security training programs that are up to date. The 2014 survey recommends that the main focus of companies should be protecting the private financial information of their consumers. Perhaps as companies continue to strengthen the efforts of their cybersecurities, the rate of attacks from online adversaries will begin to lower, causing the 2015 report to reflect a decrease in cybercrime.

—

Marisa Mostek (@MarisaJ44) loves globetrotting and writing, so she is living the dream by writing while living abroad in Japan and working as an English teacher. Marisa received her undergraduate degree from the University of Colorado in Boulder and a certificate in journalism from UCLA. Contact Marisa at staff@LawStreetMedia.com.

Featured image courtesy of [geralt via Pixabay]

Marisa Mostek

Marisa Mostek loves globetrotting and writing, so she is living the dream by writing while living abroad in Japan and working as an English teacher. Marisa received her undergraduate degree from the University of Colorado in Boulder and a certificate in journalism from UCLA. Contact Marisa at staff@LawStreetMedia.com.

The post Criminals Availing in Cyberspace appeared first on Law Street.