Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#ransomware’

Main Entrance Of Modern Hospital Building With Signs

Hackers Split On ‘Ethics’ Of Ransomware Attacks On Hospitals

September 14, 2016

Ransomware might be lucrative for some cybercriminals, but there are those who condemn holding hospitals to ransom.

Ransomware attacks against hospitals represent a growing threat which is becoming increasingly lucrative for some cybercriminals — even while other hackers are openly condemning extortion attempts against healthcare providers.
A combination of hospitals’ reliance on equipment powered by older operating systems and their often very urgent need to access medical data means that some hackers have looked at the institutions as a potentially rich target.
That was demonstrated when a Los Angeles hospital paid a $17,000 Bitcoin ransom after a Locky infection took down its network. But that wasn’t a one-off attack: there’s been a surge in ransomware-based cyberattacks against hospital networks across the globe, but particularly in the US.
Cybersecurity researchers from Intel Security analysed ransomware code from attacks against hospitals made during the first quarter of the year and discovered numerous Bitcoin wallets used to transfer ransom payments — Bitcoin having become the preferred currency of the cybercriminal — which showed that the hackers behind these hospitals attacks had amassed $100,000 from ransoms alone.
Researchers have described the ransomware attack methods used by such attackers as “effective but not very sophisticated”. While they don’t specify which variants of ransomware are being used, the description could point to the culprits using something like Cerber, which has been seen being made available as a ransomware-as-a-service scheme for use by even the most technically-illiterate wannabe cybercriminal.
Researchers also suggest the hospital attacks weren’t carried out by the sort of “malicious actors we normally face in ransomware attacks or breaches”.
Indeed, they found evidence that suggests that cyberattacks against hospitals are being carried out by those viewed as renegades even within the cybercriminal fraternity, judged negatively for their decision to carry out attacks against those which provision healthcare. In the Russian underground in particular, there’s an ‘ethical’ code of conduct which places hospitals off-limits — even in countries usually targeted by Russian-speaking hackers.
In one forum, criminals discussed the ethics of attacking hospitals at length: “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong,” one user said, while another labelled hospital attackers as “dumbest hackers ever”.
While hospitals currently only account for a small percentage of ransomware victims, it’s feared that as ransomware becomes an increasingly appealing method of attack for hackers, more and more of them will attack the healthcare sector.
“With cybersecurity threats including ransomware rising at such a rapid rate, organisations are having to come to terms with the fact that it’s fast becoming a question of ‘when’, not ‘if’, they suffer a breach,” says Raj Samani, CTO at EMEA Intel Security. “It’s crucial that the likes of healthcare pick up the pace with cybersecurity. Vulnerabilities in these sectors provide hackers with access to extremely personal, valuable and often irreplaceable data and IP.”
Despite a few high profile cases, Intel Security researchers found that, in most instances, hospitals that became victims of ransomware didn’t pay hackers a ransom. In these cases, it’s likely that organisations found another way to decrypt the files — or they simply deemed the encrypted files to not be important enough to pay to get back.
Cybersecurity researchers and the authorities have both warned about the increasing threat of ransomware to corporate and public sector networks.

Tags: , , , , , , , ,

A dealer reacts on the trading floor of IG Index in the City of London August 11, 2011. Firmer U.S. stocks pulled world shares higher on Thursday as strong U.S. jobs data took some of the focus away from renewed fears about the health of the euro zone banking system.  REUTERS/Toby Melville    (BRITAIN - Tags: BUSINESS EMPLOYMENT) - RTR2PTUZ

How Ransomware Became a Billion-Dollar Nightmare for Businesses

September 4, 2016

One cybersecurity firm estimates that extortive attacks now cost small and medium companies at least $75 billion in expenses and lost productivity each year.
In recent months, a proliferation of ransomware attacks has affected everyone from personal-computer and smart-phone owners to hospitals and police departments. An attack works like this: A virus arrives and encrypts a company’s data; then a message appears demanding a fee of hundreds or thousands of dollars. If the ransom is paid in time, the information is restored. At the heart of this new business model for cybercrime is the fact that individuals and businesses, not retailers and banks, are the ones footing the bill for data breaches.
According to an FBI tally, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a stunning surge upward from $24 million in all of 2015. However, that figure was based only on the complaints that victims reported to the bureau. In a new report, Datto, a Connecticut-based cybersecurity company, offers an alarmingly higher estimate that accounts for unreported incidents and lost productivity, which costs businesses far more than paying ransoms does.
The company’s survey of 1,100 IT professionals found that nearly 92 percent had clients that suffered ransomware attacks in the last year, including 40 percent whose clients had sustained at least six attacks. The report found that “less than 1 in 4 ransomware incidents are reported to the authorities.” Factoring in the cost and average amount of time lost to infections—an overwhelming majority of small businesses hit by ransomware face at least two days of downtime—as well as the number of businesses affected by them, Datto suggests that the financial impact of this brand of cybercrime starts in the range of $75 billion each year.
The company arrived at this figure based on an estimate from the Aberdeen Group, a consultancy, that an hour of inactivity costs small companies an average of $8,581 per hour. By comparison, Datto’s survey indicated that about three-quarters of the IT professionals said the ransoms paid were somewhere between $100 and $2,000. Overall, Datto estimates that $375 million has been paid out in ransoms in the past year, making lost productivity the much bigger concern.
Joe Gleinser, the president of GCS Technologies, an Austin-based IT support and services company, walked me through just how time-consuming it is for companies to deal with ransomware attacks, which generally starts with the appearance of “unusually named files” or files that suddenly can’t be accessed. “Locking the network down”—freezing some or all of a company’s systems—is typically the first step after the attack is recognized, in an effort to stop the damage and look for fixes.
“So that’s productivity hit number one,” he said. For a small business, that can mean an entire operation; for a larger one, it could mean a section or a division. “Obviously in certain industries that’s a lot more painful,” Gleinser added. “In health care, that can mean patients going untreated. If you don’t have that information, you don’t know what drugs were prescribed and sometimes it’s tough to make decisions.” Earlier this year, operations at a Los Angeles hospital came to a near halt, leaving staff to use faxes and paper notes to communicate before a $17,000 ransom was paid.
If a business has a well-maintained back-up system in place, data may be restored with only some small delays and limited expense. Should a sufficient back-up not be possible and should the inaccessible files be deemed important enough, the second step is paying the ransom, a practice that the FBI discourages, but says is not illegal under most circumstances.
“Paying the ransom is tricky business,” said Gleinser. “You’re dealing with criminals.” While many ransomers operate quickly, even attentively, that is not always the case. Datto’s survey found that 7 percent of IT professionals reported incidents where data was not restored even after a ransom was paid.
But even paying the ransom can be tricky. “If you don’t have Bitcoin right now, you’re probably not going to get it before the timer expires on the infection,” Gleinser said. “Many of these infections, as soon as you start the process to engage with the ransomer … you have about 48 hours before the data is non-recoverable to encourage you to move quickly.”
As one cybersecurity company executive told Business Insider last month, banks have started to keep tens of thousands of dollars in Bitcoin ready in case of an attack. “Buying bitcoin on any one of the U.S. exchanges is a three-to-five day wait time, so we’ve been forced into the position of having to stock bitcoin as if it were computer equipment and have it ready for our use,” Gleinser added. And even if a company is prepared to pay, when the deadline arrives, the price can jump, sometime double, triple, or even quadruple, or the data can be rendered permanently unrecoverable. “We’ve seen some clients who had paid the ransom and then immediately get attacked again,” he added.
So who is doing this? Ransomware attacks originate largely in Russian or Eastern European outfits, but in recent years, they’ve come from all over the world. Quoting FBI statistics, Gleinser says an average of 4,000 ransomware episodes now take place each day, mostly with no ideological rhyme or reason. These heavily-automated attacks have changed a basic business calculus whereby employers and management have started looking outward for threats instead of inward. “We’ve told clients the last 15 years, the number one threat is not the boogeyman, it’s … the third party you’ve already given access to your network. Disgruntled staff has by far been the largest security risk our clients have dealt with historically,” Gleinser said. “It’s not definitely true in this day and age. There definitely is a boogeyman out to get these guys.” With Bitcoin enabling easier and less traceable methods of cybercrime, ransomware attacks will almost certainly not be the boogeyman’s final evolution.

Tags: , , , , , , , ,

shutterstock_104336624

Ransomware Targets UK Hospitals, But NHS Won’t Pay Up

August 31, 2016

Ransomware has caused massive headaches for hospitals. In February of this year, at least a dozen hospitals around the world had been seriously infected with malware demanding cash to retrieve their files. Some even resorted to pen-and-paper systems, and others gave the hackers over $10,000 worth of bitcoin to unlock their systems.
But judging by responses to Freedom of Information requests, UK hospitals are not paying hackers when ransomware strikes.
Motherboard asked National Health Service (NHS) trusts for details on attack figures and payments stretching back to January 2012. Many had been successfully hacked at some point (although on a limited scale, infecting only a small number of computers). Another piece of research carried out by cybersecurity company NCC Group found nearly half of 60 NHS Trusts suffered a ransomware attack in the last year.
All of the hospitals that said they had been successfully infected with ransomware said they had not paid the attackers
But successful infections are not necessarily the most important thing here. Successful payments are: a ransomware operator gets nothing for their time and effort if the victim doesn’t cough up the bitcoin. If a hospital hasn’t paid a hacker, presumably it has managed to protect patient or other files from permanent loss.
That’s exactly what many of the hospitals contacted by Motherboard did. All of the hospitals that said they had been successfully infected with ransomware said they had not paid the attackers.
The East and North Hertfordshire NHS Trust said it had faced two successful infections of “Crypto Locker,” a particularly popular form of ransomware. “In both cases for the Trust, we did not pay the ransom, we simply recovered the data from an internal backup,” Freedom of Information Officer Jude Archer wrote in her response. “We backup all Trust data each and every day. I can confirm that there is no evidence the data that was encrypted [by the ransomware] was copied or moved off site at any time.”
The Health and Social Care Information Centre (HSCIC) had the same strategy, and added that it has a policy of not paying attackers.
“According to records HSCIC has been infected with ransomware on 3 occasions since January 2012, in every instance HSCIC has been prepared for this eventuality and has been able to contain and eradicated the ransomware infection and restore all affected systems and files from full backups, without any breaches to patient data or disruptions to the delivery of patient care,” Information Governance Advisor Graeme Holmes wrote in his response.
The NHS may have a decent track record of not paying hackers, but clearly there is still money to be made elsewhere: Earlier this month, researchers from FireEye spotted an uptick in the number of Locky infections hitting US-based hospitals.

Tags: , , , , , , , ,

ransomware

Ransomware Is So Hot Criminals Are Sabotaging Each Other’s Ransomware

August 1, 2016

Ransomware, the strain of malware which cryptographically locks a victim’s hard drive until they pay the author an electronic ransom, is super popular among cybercriminals right now. The strategy is so successful, in fact, that some ransomware-makers have apparently begun sabotaging each other’s ransomware to try and take out their competition.
Earlier this week, 3,500 keys for a ransomware known as “Chimera” leaked online, purportedly allowing anyone targeted by it to safely decrypt their ransomed files without having to pony up bitcoins. The decryption keys were apparently posted by the authors of a rival ransomware package called Petya and Mischa, who claimed they had hacked Chimera’s development system, pilfered the keys, and stolen parts of the code.
“Earlier this year we got access to big parts of their deveolpment [sic] system, and included parts of Chimera in our project,” the authors write in a post on Pastebin. “Additionally we now release about 3500 decryption keys from Chimera.”
Chimera is a particularly nasty strain of ransomware which not only locks a victim’s hard drive but threatens to leak their private files online if the ransom isn’t paid. It’s still not clear whether the supposedly-leaked keys will actually decrypt machines affected by the malware, however—the security firm MalwareBytes, which first noticed the leak, says that verifying all the keys will take some time.
In any case, Petya and Mischa’s authors seem to have timed the leak to promote their own ransomware, which is based on the stolen Chimera code and is now being offered as a service to any two-bit cybercriminal willing to shell out bitcoins for it.
The in-fighting seems to indicate another significant, albeit predictable shift in the criminal hacking economy. Previously, ransomware authors have expressed anger at a recent rash of fake ransomware, which display scary messages but don’t actually lock or unlock a victim’s hard drive when the ransom is paid; the thinking is that enough of this fake ransomware could cause people to stop believing they can get their files back when they’re hit with the real thing, endangering future profits.

Tags: , , , , , , ,

static2.politico.com

Cyber Ransom Attacks Panic Hospitals, Alarm Congress

July 21, 2016

When the Obama administration pushed out a $35 billion incentive program to pay doctors and hospitals to convert to electronic records, the idea was to modernize the health care industry, not serve it up on a platter to cyber criminals.
But now, American hospitals face weekly ransom threats. If they don’t pay up, files get frozen, surgeries delayed and patients sent across town. One of these days, someone could die as a result. And no one in government has a clear plan to handle it.
Such are the unintended consequences of shovel-ready projects.
The incentive program, which started paying out cash in 2011, “thrust tens of thousands of health care providers into the digital age before they were ready,” says David Brailer, chief of health IT in the second Bush administration. “One area where they were woefully unprepared is security. It created thousands of vulnerabilities in hospitals and practices that lack the budget, staff or access to technical skills to deal with them.”
Desperate hospitals have asked the feds for new financial incentives to boost their security. But Congress seems in no mood to cough up the necessary billions. It created a task force to come up with a report on how an alphabet soup of federal agencies can establish a chain of command for health care security.
Meanwhile, cybercrime attacks are mounting so rapidly that they challenge the financial stability of some health systems, according to experts in information security. The intrusions are interfering with efforts to improve data sharing in health care — and could even threaten patient safety.
Just this week, a Kansas hospital said it paid a large ransom to unblock frozen records — then was told it had to pay more in order to free all the files.
“It’s only a matter of time before someone gets hurt,” Sen. Sheldon Whitehouse (D-R.I.) said during a hearing this month after well-publicized ransomware attacks hit hospitals in Kentucky, California and the nation’s capital.
Whitehouse and Sen. Lindsey Graham (R-S.C.) filed a bill this month to punish cyber criminals if their attacks result in health care system deaths or injuries. But first, they’d have to find perpetrators — in Russia, Eastern Europe or in hidden recesses of the Dark Web.
More rules won’t help, Brailer says. Hospital licensing requirements and medical privacy laws already include extensive security requirements, but providers rarely follow best practices, he said.
The FDA and the Office for Civil Rights in the Health and Human Services department use penalties and guidance documents to push providers and device makers to use better “cyber hygiene.”
Members of Congress also want hospitals to be more dutiful. “If you aren’t following good practices, the regulatory environment isn’t going to save you,” says Rep. Will Hurd (R-Texas), leader of the House Oversight cybersecurity subcommittee. While FBI and other agencies can do better at sharing threat intelligence, “health care has to help itself.”
More federal inspections might increase readiness, but none of these measures attack the underlying problem — the massive gap between the industry’s needs and its resources, Brailer said.
Meanwhile, hackers are launching billions of health care-focused attacks. One major health system was bombarded with a million emails in March alone seeking to implant ransomware in its computers. A small Kentucky hospital had 3,500 attacks on Mother’s Day, according to Leslie Krigstein, vice president of the CHIME.
Last year there were 54 “zero-day,” or brand new attacks; approximately once a week, in other words, hackers sent out an electronic bug so novel that no computer could recognize it.
Ransomware is of particular concern. In these attacks, hackers send out code that freeze computer files until the owner pays ransom in untraceable Bitcoins in exchange for a numeric decryption to unfreeze them. The attacks allow hackers to cash in quickly, whereas stolen medical records may be more difficult to monetize. (More than 100 million records were stolen in 2015 — some for sale on the black market or use in Medicare fraud, some by state actors, apparently for intelligence purposes).
Freakout in the C-Suite
For the first time, the threat of cyberattacks is grabbing the attention of senior health care executives, said Russell Branzell, CHIME’s CEO, who says the executives are “freaking out” as we “enter into a security war for health care.”
Cybersecurity legislation signed into law last year allows health care companies to share information about threats they’ve encountered without risk of being sued for any data breaches they reveal. Other privately run organizations also serve this purpose.
But complying with such recommendations can require major investments — millions to hire new security teams and consultants and to buy new software. Added security spending might mean forgoing a new MRI system, or delaying the hiring of new nurses.
“Cyberthreats are knocking on your door every time you open your laptop or your phone,” said Ty Faulkner, a cyber consultant. “If you aren’t monitoring and checking your data, I question whether you are following good business processes.”
But “many of our members can’t afford the technology and tools they need at this point,” said Branzell. “It’s moving so fast that you could update everything, spend way more than you’re budgeting for, then the next wave of bad guy stuff comes up and you’re already behind again.”
“If you peer into the dark minds of a lot of hospital executives, they are rolling the dice as to where they allocate their budgets,” said Clinton Mikel, an attorney with Health Law Partners.
Health care firms are spending vast sums to lure chief information security officers away from the financial and energy sector. The job description hardly existed in health care two years ago — now there are 500 just in Branzell’s organization.
Some companies are hiring security consultants on a semi-permanent basis, said Mac McMillan, co-founder and CEO of CynergisTek — one of those firms. If they don’t spend that big dough, many worry, a criminal breach of their information could result in bankruptcy levels of litigation.
Cyber insurance protects against some costs, but underwriters won’t write a policy unless the hospital system can demonstrate it is already spending plenty to defend itself.
Successful attacks are inevitable, security experts say. They talk of techniques such as compartmentalizing software, so hacks can be confined to a small area of the computer system, or programs that detect unusual computer activity within an organization, signs a bug has already penetrated the system.
“Most organizations can’t do that for themselves,” McMillan said. “More and more, people are saying to us, ‘I want a partner’ because cybercrime has become an industry.”
Medical devices: A ripe target?
The targets of attack within health care are practically limitless. “It’s hard to imagine a more complex and diverse environment than a hospital,” said Dave Palmer of Darktrace, a company whose technology searches for unusual behavior within networks.
“You have doctors and staff walking around with tablets, millions of dollars worth of scanners and sensitive machinery, all of it digitally integrated. You have visiting consultants there, maybe only a few days a week. Staff, porters, cleaning people.”
Users may not understand that bedside devices like monitors need to be secured, said Dennis Gallitano, a leading cyber attorney. Most cyber strategies are built around detecting and keeping out bugs, but “what about tunnels through the backdoor — a fax machine or pump?”
Device manufacturers are not required to meet the privacy and security standards of the Health Insurance Portability and Accountability Act (HIPAA); security experts say their protection is often lax, offering an attractive target for hackers looking for new ways into health systems. The FDA has begun working with manufacturers to improve device cybersecurity.
Security conflicts with transparency
One of the main purposes of electronic health records is to encourage information sharing among doctors, so that patients can be looked after in a more holistic way. Cyberthreats, some worry, could lead to a clampdown, because health care companies are leery of sharing data with institutions that might not be secure.
“There is very much a conflict in health care,” Branzell acknowledged. “The traditional model is, ‘Lock the world down.’ That doesn’t work in a world where we’re being asked to become more and more transparent and engage with our patients … With more patient engagement you’ve got people working from home on their Wi-Fi networks.”
Security should not be used as an excuse to block transparency, says Fred Trotter, a hacker and data journalist who serves on HHS’ Cybersecurity Task Force. In Trotter’s view, the solution is to make a distinction between ordinary cybertheft and hacking that has patient safety implications.
Cyberattacks that might, say, cripple an MRI machine until a ransom is paid, he believes, should be classed with other health IT safety issues, such as poor usability or bad software design that could lead to medical errors.
An evil genius and a wayward duck (or chicken, or pig) are equally capable of starting a lethal viral epidemic. By the same token, it shouldn’t matter whether a hacker or a stuck mouse button creates a clinical safety problem, he said.
HHS’ Office of the National Coordinator for Health IT has tried for years to create a safety center where threats and problems with software can be shared, discussed and remedied.
Congress has refused to provide the budget.

Tags: , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
private
Private Blockchains Could Be Compatible with EU Privacy Rules, Research Shows
November 12, 2018

Private blockchains, such as interbanking platforms set to share information on customers, could be...

Read more
apple
Apple launches privacy portal, initiatives
October 18, 2018

Apple (NASDAQ:AAPL) launches a new privacy website letting users find personal data the company has ...

Read more
private
Just Don’t Call It Privacy
September 23, 2018

What do you call it when employers use Facebook’s advertising platform to show certain job ads onl...

Read more
static2.politico.com
Privacy and security: no simple solution, warns Rachel Dixon
September 18, 2018

The tide is turning when it comes to privacy and security, with Australians gradually becoming more ...

Read more
emailtracking-ta
Are you privacy literate?
September 11, 2018

Online privacy is a new literacy that educators and students need to learn and practice. But what sh...

Read more