27 year old Michael Gillespie is a largely self-taught programmer and help-desk technician whose day job is working for Nerds on Call; when one of his customers asked for help in 2015 recovering files that had been encrypted by ransomware, he became obsessed with the subject and is now responsible for writing more ransomware decryptors than any other programmer, working for free and putting up an associated website, ID Ransomware, that guides ransomware victims through determining whether there is a decryptor for their strain of ransomware and helping them get their files back. Read the rest

For decades, people (including me) have predicted that cyberinsurers might be a way to get companies to take security seriously. After all, insurers have to live in the real world (which is why terrorism insurance is cheap, because terrorism is not a meaningful risk in America), and in the real world, poor security practices destroy peoples' lives, all the time, in wholesale quantities that beggar the imagination. Read the rest

I once found myself staying in a small hotel with a "State Department" family whose members clearly all worked for some kind of three letter agency (the family patriarch had been with USAID with the tanks rolled into Budapest) and I had some of the weirdest discussions of my life with them. Read the rest

ProPublica's Minhee Cho says: "Thought you might be interested in ProPublica’s latest report detailing how insurance companies are actually fueling a rise in ransomware attacks by choosing to pay the ransom, even when they could recover the files on their own. Why? Plain and simple: the attacks are good for business.

"More often than not, paying the ransom is a lot cheaper for insurers than the loss of revenue they have to cover otherwise. But, by rewarding hackers, these companies have created a perverted cycle that encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies. In fact, it seems hackers are specifically extorting American companies that they know have cyber insurance. After one small insurer highlighted the names of some of its cyber policyholders on its website, three of them were attacked by ransomware.

"The cyber insurance industry is now estimated to be a $7-8 billion market in the U.S. alone. In the past year, dozens of public entities in the U.S. — including the cities of Baltimore and Atlanta — have been paralyzed by ransomware. Just this month, attackers seeking millions of dollars encrypted the files of 22 Texas municipalities."

You can read more in her full story here.

Image: Unknown - http://hyphenet.com/wp-content/uploads/2016/04/petya-ransomware-screenshot.png, Public Domain, Link Read the rest

The U.S. government will launch a program about a month from now to help state officials prevent ransomware attacks on voter registration databases and systems, ahead of the 2020 presidential election. Read the rest

The American ransomware epidemic shows no signs of slowing, as the confluence of underinvestment in IT and information security and the NSA's reckless stockpiling of computer vulnerabilities means that petty criminals can extort vast sums from distant municipalities by seizing their entire networked infrastructure. Read the rest

As city after city has remitted hundreds of thousands of dollars to pay off ransomware criminals who hijacked their crucial systems, the US Conference of Mayors had unanimously adopted a resolution to never pay these ransoms again, on the basis that these payments "encourage continued attacks on other government systems, as perpetrators financially benefit," Read the rest

It hasn't even been a full week since Riviera City, a town that fell victim to ransomware hackers, paid almost $600,000 in an attempt to regain control of vital city networks. Today, there's news that the government of yet another Florida town, Lake City, has voted to pay $500,000 in bitcoin to hackers for the same. Read the rest

Last month, Propublica published a blockbuster investigative report on companies that claimed they could help you get your ransomware-locked data back, but who were secretly just paying off the criminals -- one company got so good at it that ransomware criminals started to refer their victims to them. Read the rest

The city council of Riviera Beach, Florida has voted unanimously to pay $600,000 to criminals who seized control of the city's computers through a ransomware attack, after three weeks of being locked out of the city systems (the city has also voted to spend $1m replacing its computers). Read the rest

Nearly two weeks after the city of Baltimore's internal networks were compromised by the Samsam ransomware worm (previously), the city is still weeks away from recovering services -- that's weeks during which the city is unable to process utility payments or municipal fines, register house sales, or perform other basic functions of city governance. Read the rest

Ransomware has been around since the late 1980s, but it got a massive shot in the arm when leaked NSA cyberweapons were merged with existing strains of ransomware, with new payment mechanisms that used cryptocurrencies, leading to multiple ransomware epidemics that locked up businesses, hospitals, schools, and more (and then there are the state-level cyberattacks that pretend to be ransomware). Read the rest

Zain Qaiser, from Barking in London, scammed millions of pounds out of website visitors and is off to jail. He may be the world's most prolific ransomware distributor, reports the BBC, exposed in a trial that focused on easy-to-blackmail porn site visitors.

Qaiser, 24, was jailed for more than six years at Kingston Crown Court. The court heard he is the most prolific cyber criminal to be sentenced in the UK. Judge Timothy Lamb QC said: "The harm caused by your offending was extensive - so extensive that there does not appear to be a reported case involving anything comparable." ...

Qaiser was first arrested almost five years ago - but the case has been delayed because of the complexity of the investigation and mental health concerns. Initially working from his bedroom at his family home in Barking, Qaiser began to make money through "ransomware" attacks when he was only 17 years old.

YouTuber PewDiePie has more subscribers than anyone else on the network, and some of his rabid fans have released at least two ransomware strains that encrypt hard drives and display a notice that informs victims that a decryption key will be made available only when PewDiePie's account gets 100 million subscribers. One of the ransomware strains also warned victims that if, at any time, the Indian Bollywood channel T-Series gets more subscribers than PewDiePie, the decryption key will not be released.

From ZD Net:

Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.

I made this whilst learning java 😂I hope I didn't cause to much of an issue for anyone. Here is the decryption tool: https://t.co/2hkUIsLRxv its command line based. Keep up to good work

— __JustMe__ (@JustMe79194181) February 25, 2019

Yesterday, the team at Emsisoft released their own decrypter app based on these two tools, meaning victims can recover files without having to wait months until PewDiePie reached 100 million subscribers.

Both ransomware strains show the level of idiocy the competition for YouTube's top spot has reached. While T-Series fans have remained mostly quiet most of this time, a portion of PewDiePie's fans appears to have lost their minds and engaged in media stunts bordering on criminal behavior.

They've defaced sites, taken over printers, and hijacked thousands of Chromecasts and smart TVs to spew out messages of support and the now-classical "subscribe to PewDiePie."

The message itself has become a meme, and not in a good way.

A coalition of shipping industry associations has published The Guidelines on Cyber Security Onboard Ships, laying out best practices for the giant ships that ply the seas, and revealing that these behemoths are routinely infected with worms, ransomware, and malware spread by infected USB devices. Read the rest

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers. Read the rest

No More Ransom is a joint effort by Europol, the Dutch police, Kaspersky and McAfee to help people who've been compromised by ransomware get their data back without paying off criminals. Read the rest