"Unskilled group" is responsible for multiple, crappy ransomware attacks

Software can be thought of as a system for encapsulating the expertise of skilled practitioners; translate the hard-won expertise of a machinist or a dental technician or a bookkeeper into code, and people with little expertise in those fields can recreate many of the feats of the greatest virtuosos, just by hitting Enter.

Miele's networked disinfecting hospital dishwasher has a gaping security flaw

The Miele PG 8528 is a "washer-disinfector" intended for hospitals and other locations with potentially dangerous pathogens on their dirty dishes; it's networked and smart. And dumb.

Healthcare facilities widely compromised by Medjack, malware that infects medical devices to steal your information

The healthcare industry is a well-known information security dumpster fire, from the entire hospitals hijacked by ransomware to the useless security on medical devices to the terrifying world of shitty state security for medical implants -- all made worse by the cack-handed security measures that hospital workers have to bypass to get on with saving our lives (and it's about to get worse, thanks to the Internet of Things).

And now, a 5-minute ad for a service that lets you start your own ransomware "business"

Philadelphia is a crimeware-as-a-service business that sells a highly customizable ransomware package for budding entrepreneurs who want to dabble in crime.

Proof-of-concept ransomware locks up the PLCs that control power plants

In Out of Control: Ransomware for Industrial Control Systems, three Georgia Tech computer scientists describe their work to develop LogicLocker, a piece of proof-of-concept ransomware that infects the programmable logic controllers that are used to control industrial systems like those in power plants.

Classy ransomware criminals set themselves apart with 24/7, Russian/English customer service

The customer service operatives for the criminal gang that operates the Spora ransomware are relentlessly customer focused, working to soothe upset victims and streamline their payments in order to recover their data.

You can install ransomware on a Samsung Galaxy by sending it an SMS

Researchers from Context Security have identified a vulnerability in Samsung Galaxy phones: by embedding commands in the obsolete, 17-year-old WAP protocol in an SMS message, attackers can put them into endless reboot loops, or encrypt their storage and charge the phone's owners for a decryption key.

UPDATED: Ransomware creeps steal the entire St Louis library system

Update: The library system has recovered access to its computers.

The libraries of St Louis, MO have been crippled by a ransomware attack that has shut down the public terminals the library provides to the poor and vulnerable of St Louis, as well as the systems used to process book and material lending (the catalog is on a separate, uninfected system).

Los Angeles Valley College pays $28,000 in bitcoin ransom to hackers

In Eastern Europe, organized crime and the government are the same thing, so the US is having a tough time stopping the ransomware attacks emanating from those countries. The LA Times has a story about a recent attack on a community college in Los Angeles:

Phil Lieberman, a cybersecurity expert, said attacks such as the one at Los Angeles Valley College are common among companies and government agencies that use the Internet.

“The attacks generally come out of Eastern Europe and cannot be stopped because the United States does not have pacts with the countries where the attacks are launched,” he said.

Ransomware is usually delivered via email or through an infected website and immediately locks a computer system, Lieberman said. After a payment is received, hackers provide an “unlock code.”

Finding the hackers isn’t the hard part, he said.

The problem, according to Lieberman, is that “the U.S. government has no way to stop them, since the governments of the countries that launch this are uncooperative and in fact benefit from the criminal activity going on within their borders.”

Here are 27 screenshots of ransomware. Most of them look like computer screens from bad 1990s hacker movies.

New ransomware will delete all your files -- unless you read two articles on avoiding ransomware

A newly discovered strain of the Koolova ransomware encrypts all your files and deletes the keys -- unless you read two articles about avoiding ransomware: Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom (Bleeping Computer) and Stay safe while browsing (Google Security Blog).

Ransomware creep accidentally hijacks San Francisco Muni, won't give it back

A ransomware criminal's self-reproducing malicious software spread through a critical network used by the San Francisco light rail system, AKA the Muni, and shut it down; the anonymous criminal -- cryptom27@yandex.com -- says they won't give it back until they get paid.

Listening to users is the first step in making them secure

Quinn Norton's lecture A Network of Sorrows: Small Adversaries and Small Allies at Hack.lu (helpfully transcribed by the Open Transcripts folks!) is a great call-to-arms for user-centered security.

UK hospitals shut down by malware, advise patients to go somewhere else for the duration

3 NHS hospitals under the Northern Lincolnshire and Goole NHS Foundation Trust have been infected by "a virus" that administrators detected on Sunday; the hospitals are on limited operations and turning away patients until the hospitals can "isolate and destroy" the malware.

Healthcare workers prioritize helping people over information security (disaster ensues)

In Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?, security researchers from Penn, Dartmouth and USC conducted an excellent piece of ethnographic research on health workers, shadowing them as they moved through their work environments, blithely ignoring, circumventing and sabotaging the information security measures imposed by their IT departments, because in so doing, they were saving lives.

Why the rise of ransomware attacks should worry you

Sean Gallagher does an excellent job of running down the economics and technology behind the rise and rise of ransomware attacks: ransomware has become a surefire way to turn a buck on virtually any network intrusion, and network intrusions themselves are trivial if you don't especially care whose networks you break into.

Ransomware creeps steal two more hospitals. Again. Again.

Unlike the Hollywood hospital shutdown in Feb and the Kentucky shutdown in March which got in by phishing attacks on employees, the two hospitals in Baltimore that were taken offline by ransomware were targeted by server-based attacks that got in through vulnerabilities in public-facing hospital services.

Ransomware gets a lot faster by encrypting the master file table instead of the filesystem

In just a few short years, ransomware -- malware that encrypts all the files on the computer and then charges you for a key to restore them -- has gone from a clever literary device for technothrillers to a cottage industry to an epidemic to a public menace.
