Ransomware – Some Recent Attacks

Imagine yourself in this position: you get home, excited to complete a report and email it tonight; you turn on your computer and bam! The only thing you see is a black screen with instructions that you don’t understand. You have been attacked; all your files have been encrypted, and the attackers are asking for a specific amount of Bitcoins within a specific amount of time to release your files. If you don’t pay, they claim that they will destroy all your files. They give you step-by-step instructions on how to ‘pay for your files’ in a very well coordinated tutorial. You weigh your options and give in; according to a report released by Symantec in 2016, 64% of American victims are willing to pay the ransom. This is ransomware: a money-making attack that has been gaining momentum lately.

Ransomware in 2017

One recent incident involved ECMC, a hospital in Buffalo, NY, that was locked out of its systems. The attack affected over 6000 computers. The hackers demanded 30,000 USD: 24 bitcoins valued at 1215 USD per bitcoin. The response from the hospital was fascinating, though. Instead of paying the ransom, they chose to boost the security of their systems by over 10 million USD. They took it as a lesson to mend their systems so they may never have to go through the same incident again. If they had paid the ransom, they would not have fixed the security breach and would have remained vulnerable to another attack, which would have forced them to invest in security in the end. In the first 6 months of 2017, there were 2 major ransomware incidents that scaled globally.

WannaCry: This incident happened between 12th and 15th May. The ransomware affected over 300,000 businesses in over 150 countries all over the world. The attack was most common in Russia, China and India. Big institutions such as banks, universities, hospitals and train systems were affected. Some of the companies that were affected were FedEx, Telefonica and Deutsche Bahn. It exploited the Windows Server Message Block (SMB) protocol to penetrate the system and encrypt the files. Most of the affected computers had not installed the security update released in March 2017. A 22-year-old web security expert in the UK slowed down the spread by registering a domain name that he found within the code of the program.

Petya: This ransomware attack happened on 27th June. It did not spread as fast as WannaCry but it was said to be more dangerous. Petya also used EternalBlue, an exploit for a vulnerability in older Windows operating systems, and encrypted the master boot record.

How ransomware spreads

  • Email
  • Malvertisements – advertisements that look real but are intended to spread an attack

Tips

  • Update your systems constantly so that the patches are up to date. Make sure you set up automatic updates from Microsoft.
  • Back up your most important files to the cloud or a hard drive at least once a month.
  • Avoid opening suspicious emails and clicking on suspicious ads.
  • Minimize usage of public wifi; if you do use it, don’t make your computer accessible to the public, or use a virtual private network.
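
A way to check the first tip on a Windows machine, in light of the WannaCry incident described earlier (this is an added example, not part of the original post): it reports whether the SMBv1 server is still enabled, how long ago the last update was installed, and whether the Windows Update service has been disabled. The function name and the 35-day threshold are assumptions chosen for illustration.

```powershell
# Added example: local patch and SMBv1 exposure audit. Run in an elevated PowerShell.
# Test-RansomwareExposure and $MaxPatchAgeDays are illustrative names/values,
# not taken from the post.
function Test-RansomwareExposure {
    param([int]$MaxPatchAgeDays = 35)

    $findings = @()

    # 1. Is the SMBv1 server still enabled? EternalBlue targets SMBv1.
    $smb = Get-SmbServerConfiguration
    if ($smb.EnableSMB1Protocol) {
        $findings += 'SMBv1 server is enabled'
    }

    # 2. How long ago was the most recent update installed?
    #    Some entries have no InstalledOn date, so filter those out first.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if (-not $latest) {
        $findings += 'No installed update with a date was found'
    } else {
        $age = ((Get-Date) - $latest.InstalledOn).Days
        if ($age -gt $MaxPatchAgeDays) {
            $findings += "Last update ($($latest.HotFixID)) was installed $age days ago"
        }
    }

    # 3. Has the Windows Update service been disabled?
    $wu = Get-Service -Name wuauserv
    if ($wu.StartType -eq 'Disabled') {
        $findings += 'Windows Update service is disabled'
    }

    # One result object per machine, easy to collect across a fleet.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Exposed  = ($findings.Count -gt 0)
        Findings = $findings
    }
}

Test-RansomwareExposure | Format-List
```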

Ransomware as a Service

Cybercrime organizations are said to be renting out ransomware attack infrastructure and software to other criminals who carry out the attacks and split the profits.

Ransomware help desks – the criminals provide tutorials on how to use bitcoin and even set up multilingual help desks that assist the victims in making the payments.

Business Email Compromise – Phishing attackers send an email posing as a top company official, instructing the finance team to make money transfers to a specific bank account. In the last 3 years, over 3 billion USD has been lost through BEC attacks.

Targeting ATM flaws – In an experiment to demonstrate the vulnerability of systems, security experts Davis and Josh Hammond were able to hack into an ATM and make it empty out all the cash. They identified an exposed USB port in the machine, used it to plug a notebook into the ATM, and altered the Automatic Funds Distributor bot, a component of the system that determines how much money to dispense. They tricked the machine into releasing all the cash it had.

Targeting mobile phones on wifi – Broadcom’s wi-fi chipsets found in Android and iOS phones are vulnerable to attacks over wi-fi. Hackers within your wi-fi range can easily take over your phone when your wi-fi setting is on, even if you are not using the wi-fi network.

Here are some statistics about Ransomware:

  • In 2016, the FBI reported over 3 billion in total losses from cybercrime incidents.
  • The FBI received 298,728 internet fraud complaints, yet only 15% of the victims report the cybercrimes.
  • There has been more than $25 million in ransomware payments over the past two years.
  • 95% of the ransom payments were made through the BTC-E bitcoin.
  • According to Kaspersky Lab, between April 2016 and March 2017, the total number of ransomware victims rose by 11.4%.
  • 60% of ransomware is spread by email.
  • In 2015, Google blocked 780 million malicious ads, and 1.7 billion in 2016.