Originally, ransomware didn’t involve any data theft. Malware would encrypt the data on your computer, and demand a ransom for the decryption key. Now ransomware increasingly involves both encryption and exfiltration. Brian Krebs wrote about this in December. It’s a further incentive for the victims to pay.
Recently, the aerospace company Visser Precision was hit by the DoppelPaymer ransomware. The company refused to pay, so the criminals leaked documents and data belonging to Visser Precision, Lockheed Martin, Boeing, SpaceX, the US Navy, and others.
Posted on April 14, 2020 at 7:48 AM
EKANS is a new ransomware that targets industrial control systems:
But EKANS also uses another trick to ratchet up the pain: It’s designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with. While crude compared to other malware purpose-built for industrial sabotage, that targeting can nonetheless break the software used to monitor infrastructure, like an oil firm’s pipelines or a factory’s robots. That could have potentially dangerous consequences, like preventing staff from remotely monitoring or controlling the equipment’s operation.
EKANS is actually the second ransomware to hit industrial control systems. According to Dragos, another ransomware strain known as Megacortex that first appeared last spring included all of the same industrial control system process-killing features, and may in fact be a predecessor to EKANS developed by the same hackers. But because Megacortex also terminated hundreds of other processes, its industrial-control-system targeted features went largely overlooked.
Speculation is that this is criminal in origin, and not the work of a government.
It’s also the first malware that is named after a Pokémon character.
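The quoted description suggests a host-level detection heuristic: a burst of process terminations on one machine (including control-system software) followed shortly by mass file renames. The script below is an added example written for this post, not code from Schneier, Dragos or Wired. The telemetry line format, the process names in the watchlist, the sample events and the thresholds are all constructed assumptions; the page does not reproduce EKANS’s actual 64-process list, and these names are placeholders rather than a claim about what it targets.

```python
"""Toy detection for EKANS/Megacortex-style behaviour: many distinct
processes terminated on one host within a short window, followed by a
burst of file renames. Added example; the telemetry format, watchlist,
thresholds and sample data are assumptions, not taken from the page."""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical watchlist of image names a defender might consider ICS-related.
# Placeholders only: the real EKANS kill list is not reproduced here.
ICS_WATCHLIST = {"historian.exe", "hmi_runtime.exe", "opcserver.exe", "plc_link.exe"}

KILL_BURST_THRESHOLD = 8   # distinct images terminated within WINDOW
RENAME_THRESHOLD = 5       # file renames seen within WINDOW after the burst
WINDOW = timedelta(seconds=120)


def parse_event(line):
    """Parse one constructed telemetry line: 'ISO-timestamp|host|type|detail'."""
    ts, host, etype, detail = line.split("|", 3)
    return datetime.fromisoformat(ts), host, etype, detail


def detect(lines, window=WINDOW):
    """Return {host: finding} for hosts showing kill-burst-then-rename behaviour."""
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        by_host[ev[1]].append(ev)

    findings = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e[0])
        kills = [e for e in events if e[2] == "ProcessTerminate"]
        renames = [e for e in events if e[2] == "FileRename"]
        for t0, _, _, _ in kills:
            # Sliding window starting at each termination event.
            burst = [k for k in kills if t0 <= k[0] <= t0 + window]
            images = {k[3].lower() for k in burst}
            if len(images) < KILL_BURST_THRESHOLD:
                continue
            # A reboot or patch cycle also kills many processes, so require the
            # follow-on rename burst before raising a finding.
            burst_end = burst[-1][0]
            after = [r for r in renames if t0 <= r[0] <= burst_end + window]
            if len(after) >= RENAME_THRESHOLD:
                findings[host] = {
                    "terminated": len(images),
                    "ics_processes": sorted(images & ICS_WATCHLIST),
                    "renamed_files": len(after),
                    "first_kill": t0.isoformat(),
                }
                break
    return findings


def _events(host, start, etype, details, step=1):
    """Build constructed telemetry lines, one per detail, `step` seconds apart."""
    t = datetime.fromisoformat(start)
    return [f"{(t + timedelta(seconds=i * step)).isoformat()}|{host}|{etype}|{d}"
            for i, d in enumerate(details)]


# Constructed sample: one ransomware-like host, one host rebooting (many kills,
# no renames), and one host with ordinary activity.
SAMPLE = (
    _events("eng-ws01", "2020-02-06T03:00:00", "ProcessTerminate",
            ["historian.exe", "hmi_runtime.exe", "opcserver.exe", "plc_link.exe",
             "sqlservr.exe", "outlook.exe", "excel.exe", "winword.exe",
             "veeam.exe", "chrome.exe"])
    + _events("eng-ws01", "2020-02-06T03:00:30", "FileRename",
              [f"D:/plant/recipe{i}.csv->recipe{i}.csv.locked" for i in range(6)])
    + _events("ops-pc02", "2020-02-06T17:30:00", "ProcessTerminate",
              ["explorer.exe", "outlook.exe", "excel.exe", "chrome.exe", "teams.exe",
               "onedrive.exe", "spoolsv.exe", "searchindexer.exe", "winword.exe",
               "acrobat.exe", "notepad.exe", "vpnclient.exe"])
    + _events("hr-pc07", "2020-02-06T09:15:00", "ProcessTerminate",
              ["outlook.exe", "teams.exe"])
    + _events("hr-pc07", "2020-02-06T09:16:00", "FileRename",
              ["report.docx->report.docx.bak"])
)

if __name__ == "__main__":
    for host, finding in detect(SAMPLE).items():
        print(host, finding)
```

Only eng-ws01 is flagged: ops-pc02 terminates twelve processes but never renames anything, which is what a shutdown looks like, and hr-pc07 never reaches the kill threshold. The thresholds and window are starting points to tune per environment, and on a real estate the watchlist should come from an inventory of what actually runs on engineering workstations and HMIs rather than from guesses.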
Posted on February 7, 2020 at 9:42 AM
The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because — as generally happens — they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC’s video surveillance cameras a week before the 2017 inauguration.
EDITED TO ADD (11/13): Link without a paywall.
Posted on November 12, 2019 at 6:15 AM
ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.
Posted on July 8, 2019 at 7:08 AM
Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware demands, the Florida city of Riviera Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative.
Posted on June 25, 2019 at 12:39 PM
This will complicate things:
To complicate matters, having cyber insurance might not cover everyone’s losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the “hostile or warlike action in time of peace or war” exemption.
I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing.
Posted on March 8, 2019 at 5:57 AM
This is a good article on the complicated story of hacker Marcus Hutchins.
Posted on March 16, 2018 at 6:12 AM
The Guardian is reporting that “every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required.”
This is the same NHS that was debilitated by WannaCry.
EDITED TO ADD (2/13): More news.
And don’t think that US hospitals are much better.
Posted on February 6, 2018 at 6:33 AM
No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It’s not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee.
Posted on January 15, 2018 at 6:43 AM
I don’t have anything to say — mostly because I’m otherwise busy — about the malware known as GoldenEye, NotPetya, or ExPetr. But I wanted a post to park links.
Please add any good relevant links in the comments.
Posted on July 4, 2017 at 3:40 PM