Help Net Security’s article Crypto ransomware hits German hospitals, based on this article from DW, also includes links to its story about the attack on the Hollywood Presbyterian Medical Center, and another story about a New Zealand hospital hit with Locky. [Added later: Commentary by John Leyden for The Register here. And I’ve just caught up with an article from My News LA about an apparent attack on the Los Angeles Department of Health.]
As far as I can make out, there is no firm indication of links between all these attacks, or that hospitals are being specifically targeted by specific malware, but the clustering is worrying. If nothing else, it is clear that hospitals, like any other organization, survive such attacks better if they have suitably protected backups and other well-administered security precautions in place.
A new paper from Mandiant covers a lot of ground, including data on bulk export of PII (Personally Identifiable Information) and the exploitation of network devices as well as some interesting data and speculation about ransomware.
Commentary from Darren Pauli for The Register here.
I’ve just come across a wide-ranging paper from Bitdefender on ‘Ransomware, a Victim’s Perspective: a Study on US and European Internet Users’. Well worth a look.
Link added to the ransomware resources page.
If support scammers are using Dell customer data, as seems to be the case, Dell could certainly be more proactive in warning its customers, despite its own concerns about being seen as vulnerable to external or internal data leakage. But at least they’re now trying to gather info on the issue.
See my article here: Support Scammers Targeting Dell Customers with links to related articles by Brian Krebs, Dan Goodin et al.
… not everyone who is [a Dell customer] has the technical grasp that Krebs’s correspondents seem to have. So perhaps it’s time Dell at least made more effort to notify people using its products (and especially its support services) that scammers may have such data, and that possession of such data shouldn’t be taken as some sort of validation of the bona fides of a cold-caller.
Added to resources page, of course.
It probably hasn’t escaped your notice that ransomware gangs are fond of Bitcoin, and you may also be aware that some victims who decide to pay up are finding the Bitcoin technology somewhat daunting, to the extent that PadCrypt may be intended to offer advice on paying with Bitcoin by way of a live chat facility (offline at the time of writing). At any rate, Bleeping Computer’s Lawrence Abrams comments:
“A feature like this could potentially increase the amount of payments as the victim can receive ‘support’ and be guided on the confusing process of making a payment.”
I’m not familiar enough with Bitcoin at the moment to help much as far as that’s concerned, but I have noticed a number of articles recently that relate to it:
William Hugh Murray comments in a recent SANS newsletter:
Cyber currency is too slow ever to play a major role as a medium of exchange. It is too volatile to serve as a store of value. However, anonymity will serve to encourage extortion.
That section of the Newsbites newsletter has a number of interesting links to commentary on the Locky ransomware, by the way.
Ransomware with several interesting features described for Graham Cluley’s blog by David Bisson: New ransomware comes with Live Chat feature, somewhat useless uninstaller. The article draws on information published by Lawrence Abrams for Bleeping Computer: PadCrypt: The first ransomware with Live Support Chat and an Uninstaller.
The point about the uninstaller is that it removes all the files associated with the infection, but doesn’t reverse the encryption.
Links added to the Ransomware Resources page.
Here are a couple of resources for businesses wondering how to set about protecting themselves from ransomware.
Writing for Bitdefender, Graham Cluley offers The Simple Way to Stop your Business from Being Extorted by Ransomware, instead of simply waiting till you get hit and have to cave in to the extortionist’s demands. His top tips will go a long way towards protecting companies, but many of them also apply to individuals. They will, of course, also help protect against other kinds of malware (and frankly, people and companies should routinely be taking precautions like these).
Kaspersky offers a Practical Guide: Could your business survive a cryptor? I can’t comment on how good it is, since it’s accessed via a form that requires contact information I’m not prepared to give in this instance.
I’ve mentioned before that Bleeping Computer is a resource worth checking when faced with a ransomware problem. Emsisoft recently published an interview with Lawrence of Bleeping Computer – Behind the scenes of a free PC troubleshooting helpsite: Interview with BleepingComputer – that you might find of interest, as it specifically includes references to ransomware.
Link added to resource page.
Just added to the ransomware resources page: a link to an excellent paper just published by ESET on The Rise of Android Malware. See also the introductory blog article here.