Inside the highly profitable underworld of ransomware – The Denver Post

Last month, employees at the Colorado Department of Transportation were greeted by a message on their computer screens similar to this:

“All your files are encrypted with RSA-2048 encryption. … It’s not possible to recover your files without private key. … You must send us 0.7 BitCoin for each affected PC or 3 BitCoins to receive ALL Private Keys for ALL affected PC’s.”

Versions of CryptoLocker ransomware notify computer users that their files have been encrypted and locked. Users are instructed to pay bitcoin to get the files back. But Webroot and other security companies warn that not all ransomware actually returns the files intact, so check with security companies, who will know the reputation of those hackers. (Images provided by Webroot)

CDOT isn’t paying, but others have. In fact, so-called ransomware has become one of the most lucrative criminal enterprises in the U.S. and internationally, with the FBI estimating total payments are nearing $1 billion. Hackers use ransomware to encrypt computer files, making them unreadable without a secret key, and then demand digital currency like bitcoin if victims want the files back — and many victims are falling for that promise.

To better understand how ransomware works and how it has spread so effectively, The Denver Post talked with Broomfield anti-malware company Webroot, which got its start in the late 1990s cleansing computer viruses from personal computers.

“The end goal is just to put ransomware on the computer because right now the most successful way for cybercriminals to make money is with ransoming your files,” said Tyler Moffitt, a senior threat research analyst at Webroot.

Ransomware infects more than 100,000 computers around the world every day and payments are approaching $1 billion, said U.S. Deputy Attorney General Rod J. Rosenstein during the October 2017 Cambridge Cyber Summit, citing FBI statistics. A study by researchers at Google, Chainalysis, University of California San Diego and NYU Tandon School of Engineering estimated that from 2016 to mid-2017, victims paid $25 million in ransom to get files back.

And one out of five businesses that do pay the ransom don’t get their data back, according to a 2016 report by Kaspersky Labs.

It’s a growing business for cybercriminals. And whether to pay or not is something each user or company must decide.

Last spring, the Erie County Medical Center in New York was attacked by SamSam due to a misconfigured web server, according to The Buffalo News. Because it had backed up its files, the hospital decided not to pay the estimated $44,000 ransom. It took six weeks to get back to normal at a recovery cost of nearly $10 million.

More recently in January, the new SamSam variant sneaked into Indiana hospital Hancock Health, which decided to pay 4 bitcoin, or about $55,000, in ransom. Attackers gained entry by using a vendor’s username and password on a Thursday night. The hospital was back online by Monday morning.

A variant of the SamSam ransomware has attacked computer systems of hospitals, healthcare systems and government agencies, like the Colorado Department of Transportation. Cisco Systems' security unit Talos has been tracking SamSam and shared this screen image of the ransomware's demands. In January, Talos researchers said that the SamSam variant had collected 30.4 bitcoin, or about $325,217.07, in four weeks. (Image provided by Cisco)
