Healthcare workers prioritize helping people over information security (disaster ensues)

In Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?, security researchers from Penn, Dartmouth and USC conducted an excellent piece of ethnographic research on health workers, shadowing them as they moved through their work environments, blithely ignoring, circumventing and sabotaging the information security measures imposed by their IT departments, because in so doing, they were saving lives.

Why the rise of ransomware attacks should worry you

Sean Gallagher does an excellent job of running down the economics and technology behind the rise and rise of ransomware attacks: ransomware has become a surefire way to turn a buck on virtually any network intrusion, and network intrusions themselves are trivial if you don't especially care whose networks you break into.

Ransomware creeps steal two more hospitals. Again. Again.

Unlike the Hollywood hospital shutdown in Feb and the Kentucky shutdown in March which got in by phishing attacks on employees, the two hospitals in Baltimore that were taken offline by ransomware were targeted by server-based attacks that got in through vulnerabilities in public-facing hospital services.

Ransomware gets a lot faster by encrypting the master file table instead of the filesystem

In just a few short years, ransomware -- malware that encrypts all the files on the computer and then charges you for a key to restore them -- has gone from a clever literary device for technothrillers to a cottage industry to an epidemic to a public menace.

Ransomware hackers steal a hospital. Again.

A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.

Hollywood hospital ransoms itself back from hackers for a mere $17,000

Last week, hackers bricked Hollywood Presbyterian Medical Center, encrypting all the data on its devices and demanding 9,000 Bitcoin (~$3.6m) to give the hospital's IT staff the keys needed to reboot it.

Hackers demand $3.6m bitcoin ransom to unlock Los Angeles hospital medical records

A cyberattack on Hollywood Presbyterian Medical Center's computer system has locked up access to vital patient data, and the hackers responsible are demanding payment of over 9000 bitcoins ($3.6 million) to unlock the data.

From IBT:

An unnamed doctor has admitted that the hospital's computer system was hacked and is currently being held for ransom, adding that departments are now communicating through fax machines because they have no access to email. Furthermore, a number of patients have been transferred to other hospitals.

Meanwhile, a separate report by Fox (Los Angeles) reaffirmed that the cyberattack has directly affected the 'day-to-day' operations of the hospital.

Porn app secretly takes photos of you and charges you a ransom

A porn app developed by Russian hackers takes your photo, locks your phone, and displays a scary-looking message from the "FBI" that says you have to pay a $500 fine for accessing "forbidden pornographic sites."

This piece of ransomware is called Porn Droid and affects Android devices. Unlike a similar porn malware app called Adult Player, which also takes users' photos and demands a ransom, Porn Droid users stay locked out of their phone even after they pay the ransom.

From IB Times:

According to security company ESET, which uncovered the campaign, the only way to recover access to your phone is through a factory reset, which means that all your photos, videos and contacts will be deleted and, unless they have been backed up, will be lost forever.

A computer researcher haggled with a Russian ransomware criminal

If you accidentally install Troldash (via spam email) on your computer, it will encrypt your hard drive and lock up your files. Troldash will display an email address to contact the criminal, who will offer to sell you the key to decrypt your hard drive. Natalia Kolesova, a researcher at the security firm Checkpoint, intentionally installed Troldash on a test machine and engaged in an email exchange with the scammer to see if he or she would negotiate the 250 euro ransom.

Posing as a victim named Olga, the researcher contacted the scam artist, and received a reply with instructions to pay 250 euros to get the files back.

Suspecting the reply was automated, Ms Kolesova pressed for a more human response, asking more details about how to transfer the money, and pleading with the hacker to not make them pay.

Responding in Russian, the scammer offered to accept 12,000 roubles, a discount of around 15%. After Ms Kolesova pleaded further, the email response read: "The best I can do is bargain."

Eventually the unknown man or woman was talked into accepting 7,000 roubles - 50% less than the first demand.

"Perhaps if I had continued bargaining, I could have gotten an even bigger discount," Ms Kolesova concluded.

How ransomware creeps cash out their payments

Brian Krebs offers an in-depth look at a "cashout" service used by ransomware crooks to get money from their victims. Ransomware is malicious software that encrypts your personal files and demands that you pay a ransom for the key to decrypt them; the crooks who run the attacks demand that their victims buy prepaid MoneyPak cards and send the numbers for them by way of payment. But converting MoneyPaks to cash is tricky: one laundry, which pipes the money through a horse/dog-track betting service, charges a 60% premium.

* The ransomware victims who agree to purchase MoneyPak vouchers to regain control over their PCs.

* The guys operating the botnets that are pushing ransomware, locking up victim PCs, and extracting MoneyPak voucher codes from victims.

* The guy(s) running this cashout service.

* The “cashiers” or “cashers” on the back end who are taking the Moneypak codes submitted to the cashing service, linking those codes to fraudulently-obtained prepaid debit cards, and then withdrawing the funds via ATMs and wiring the proceeds back to the cashing service, minus their commission. The cashing service then credits a percentage of the MoneyPak voucher code values to the ransomware peddler’s account.

How much does the cashout service charge for all this work? More than half of the value of the MoneyPaks, it would seem. When a user logs in to the criminal service, he is greeted with the following message:

“Dear clients, due to decrease of infection rate on exploits we are forced to lift the price.
