Soaring number of computers being hijacked for ransom


Gene Pane’s computer abruptly stopped working, save for a jarring message that appeared on his screen.

“It was a warning that said I had downloaded a virus and had to pay $199 to get rid of it,” Pane, a retired business executive who lives in Carlsbad, said of the recent incident. “I needed the files on my computer, so I paid. The money won’t break me, but still …”

Pane had accidentally downloaded ransomware, a rapidly growing form of extortion in which hackers slyly load malicious software onto people’s computers — via emails, decoy ads, bogus news stories and code embedded in all manner of websites.

“It’s entirely possible that we’ll have far in excess of $1 billion in losses” worldwide related to ransomware, said Special Agent Chris Christopherson, who investigates cyber crimes out of the FBI’s field office in San Diego.

He was referring to the projected tally for 2016, which will take a while to finalize. The figure for this year could turn out to be twice as much.


At least 190 types of ransomware currently exist, experts said. Once a malicious link is clicked, the virus encrypts the files on a person’s computer and freezes the home screen.

Victims then receive a message saying they have to pay a fee to regain control of their hijacked computers. In most cases, the ransom must be paid in bitcoins, a comparatively new international form of digital currency that’s hard for banks and law enforcement to trace.

The FBI said every hour, about 4,000 computers around the world become infected with ransomware.

That’s just an estimate. For a variety of reasons, the exact depth and breadth of the problem aren’t known.

Cyber experts said many ransomware victims never report such extortion because they feel ashamed for getting duped, are worried that people will know they visited a pornography website or some other questionable page, or just want to resolve the problem as quickly as possible.

Other people don’t know where to report an attack or doubt whether law-enforcement authorities would investigate this type of ransom demand, which experts said generally doesn’t exceed $700 per incident.

And many businesses — particularly in the health-care industry — are loath to acknowledge that they were attacked for fear of undermining the public’s confidence in their ability to protect data.

“The challenge that we must overcome is the shame of being a victim,” said Todd O’Boyle, chief technology officer for Percipient Networks, a security firm based in Wakefield, Mass. “Until people are OK saying that they’ve been victimized, there will be no way to measure the size of the problem. It’s OK to talk. This is like being robbed. You’re a victim.”


Hardly anyone is being spared the grief these days.

“Ransomware is one of the few cyber-criminal business models where the same attack could harm a Fortune 500 company, a local restaurant and your grandmother,” the company Palo Alto Networks of Santa Clara said in a report.

O’Boyle has seen the attacks evolve. “In the bad old days, the same person who attacked you would write the software and send you the malicious email. Now, there are professional software developers who build the solicits that trick you,” he said.

“They sell the software to hackers, who also buy email lists and operate the servers needed to handle the traffic,” he added. “They can buy the software and lists on the underground — the (alternate online network known as the) dark web. These ‘franchisees’ hire young, energetic, persistent sales and support people to do the rest of the work.”

There’s particular concern about a recent innovation in ransomware, said Reg Harnish, chief executive of GreyCastle Security, a firm based in Troy, N.Y.

“There are new variants that offer to decrypt infected victims’ computers as long as they are willing to infect someone else” on their list of contacts, Harnish said. That can create a moral dilemma for the affected consumers and businesses.

In some cases, the malicious software — called malware — launches a countdown clock on the computer screen, giving victims a specific length of time to pay up. If they don’t comply, the hackers sometimes delete files on the hijacked computer.

Of course, in all instances of ransomware, there’s no guarantee that a hacker will free up the affected computer once a payment is made.

The anger and anxiety caused by ransomware were clearly evident in the more than 50 responses The San Diego Union-Tribune received when it asked readers whether they had been hit by this crime.

Rick Schloss, a publicist in San Diego, said he received an email that appeared to be from FedEx. He was expecting a package, so he clicked on the message, inadvertently launching ransomware.

“I’m panicking, wondering what’s going on,” he said. “They wanted $300 in bitcoins. I didn’t know how to transfer money that way, and didn’t know anyone who does.”

Schloss’ computer was crucial to running his business, so he ignored the hackers and bought a new machine for $1,500. Fortunately, he was able to upload his lost files from another device.

“On a pissed number-scale of 1 to 10, it was an 11!” Schloss said.

Lou Cumming, a retiree in La Jolla, also got scammed. The hackers were so polite, he initially didn’t know he was being attacked.

The problem began in March 2015 when he downloaded an email attachment.

“The next thing I know, my computer screen turned all blue with loud bells going off, lights blinking and in the screen center there appeared a box saying it was Microsoft (and the company was) aware of my ‘problem’ and gave me a phone number to call ASAP to get it fixed,” Cumming said.

“All during this process, (the guy who took his call) was very polite and courteous, like there was nothing wrong,” he recounted. “Claiming to be from Microsoft at the very inception of this ‘problem’ really put my mind at ease.”

Following the man’s instructions, Cumming paid $308 to an unknown party. In actuality, Microsoft doesn’t place such messages on people’s screens or demand such payments.

Then Cumming experienced a similar attack last month. About three days later, he received a call asking for another payment.

This time, he sought help from a friend who subsequently discovered and removed the malware that had been placed on his computer.

Ransomware is an exponentially larger problem for the city of San Diego, which faces a daily onslaught of ransomware attacks against its 14,000 desktop and laptop computers.

“It has become the malware of choice,” said Gary Hayslip, the city’s chief information security officer. “Some days I truly wish for just basic good-old email spam, the type that annoys you but doesn’t try to destroy your organization’s assets or interrupt business operations.

“With that said, here at the city, we have a strict policy that we don’t pay ransom.”

The FBI also advises people not to pay ransom.

“Obviously, we don’t want to see criminals make money from their criminal activity,” Special Agent Christopherson said. “It funds further illicit activity, and it kind of emboldens them.

“However, we do understand that businesses or even individuals might have a lot of money invested in files (on their computers). … There are going to be business decisions that arise where people pay the ransom.”

Even some law-enforcement agencies have decided to pay the hackers. Last year, for example, the Lincoln County Sheriff’s Office in Maine and four towns in that area together paid $300 to end a ransomware attack.

Experts warn that if people use their credit card to make a ransom payment, they won’t be able to get relief later by calling their credit card company to request a cancellation or refund.

Overall, cyber analysts said hackers, who include so-called “cyber gangs” and criminal syndicates, currently have the upper hand.

“Tracking the attacker or crime group back to their offices — because yes, ransomware is a business — can be difficult if not impossible,” said James Carder, vice president of LogRhythm Labs, a security company in Boulder, Colorado. “You combine that with the sheer number of attackers or crime groups … and you almost don’t know where to start. If you’re a law-enforcement agency, that makes it extremely difficult to do your job.”


REFLECTIONS OF AN FBI CYBER CRIME EXPERT

The San Diego Union-Tribune recently interviewed Special Agent Chris Christopherson, who investigates cyber crimes out of the FBI field office in San Diego. Here are some of his comments about ransomware; the remarks were edited for space and continuity.

What happens in a ransomware attack?

“It’s dark and seedy. It’s a form of malware that infects your computer. The hacker or someone trying to extort money from you takes control of your computer. With that control, they go out and download the ransomware. The ransomware has specialized instructions for decrypting the files on your computer and displaying some sort of ransom message. Even if you have (those) encrypted files decrypted, you still have the initial infection.”

How big is the problem?

“Every hour of every day, we believe that 4,000 computers (worldwide) are being infected with ransomware. All the data files are being encrypted. And at the end of the day, they’re trying to extort a ransom. The more computers they infect, the more likely someone is to pay the ransom. I’ve got a list, which I’m sure is not exhaustive, of almost 200 forms of ransomware.”

Who are these hackers?

“What we see a lot of the time in cyber crime — and ransomware is not different — (are) people who are very talented, who have a gift for math programming, science, things of that nature, but don’t have an outlet for employment. You see economies, like in eastern Europe or even potentially Russia, where there are not a lot of jobs in that area, but there are a lot of people who are educated. It becomes a problem where they turn to the black market, to the dark side, in order to get some sort of employment or money. … What they resort to is making money for criminal groups or writing software and selling it to criminal groups.”

Can you understand why some people agree to pay a ransom to hackers?

“There are often really good business reasons to pay the ransom. Our only fear is that the more money the criminals make by writing and distributing ransomware, the more they will do it. So our concern is two-fold: It is for the victims, of course. But (also) for stopping the criminal activity in the future. We’re kind of caught in a hard place where we don’t want people to pay the ransom, but we have seen certain instances where it makes sense.”


