Ransomware has largely targeted personal computer users so far, but the authors of these threats certainly realise that going after businesses and other organisations can give them more bang for their buck. This way, one shot gets them multiple hits, as the compromise can provide access to highly sensitive or classified information. There have been quite a few reports covering high-profile ransomware victims.
1. The infamous infection known as CryptoLocker contaminated a number of computers that stored confidential data relating to the UK Parliament. This attack took place in May 2015 and endangered sensitive information related to the work of Chi Onwurah, MP for Newcastle upon Tyne Central and the shadow minister for digital industries. The affected files, which were encrypted on a shared drive, were used by over 8,000 government staff. After Chi Onwurah had encountered a ransom alert and reported the issue, the Parliamentary Digital Service (PDS) had to remove her account from the shared drive and replace all the affected computer hardware.
2. FastMail, a well-known email provider, underwent several distributed denial of service (DDoS) attacks. Thankfully, the organisation instantly triggered incident response measures that ended up stopping the DDoS attack itself. Despite this interim success, the black hat hackers kept bombarding the network with other cyber threats. One of these additional hits resulted in a ransom note that demanded 20 Bitcoins, a little under $9,000, to stop the DDoS attacks. The company’s management stated that FastMail was not going to pay. There was no actual ransom Trojan involved that time, but demanding money to cease website attacks is the same concept.
3. A number of other premium email providers, including Hushmail, Zoho and Runbox, faced large-scale DDoS attacks back in November 2015. Although these were accompanied by ransom demands from the attacker, none of the targeted organisations paid the ransom.
4. ProtonMail, an encrypted email service based in Geneva, encountered a distributed denial of service attack as well, which resulted in the company’s site going offline. The organisation confirmed that the extortionists were asking for $6,000 worth of Bitcoins to call off the assault. ProtonMail ended up paying the ransom, but the attacks continued regardless. The customers, of course, weren’t happy to discover that their email wasn’t accessible. Despite the understandable pursuit of a fast solution, ProtonMail has let down every organisation in its segment, as the fraudsters will know they can get money in some cases.
5. A Chinese government website got hit by a ransomware campaign. Initially exposed by IT security company Zscaler in November 2015, this campaign put all visitors to the cxda.gov.cn website at risk. Whenever a person visited the compromised website, a malicious script would reroute their traffic to a third-party page hosting the Angler exploit kit. The exploit kit was leveraged to infect the users with the CryptoWall 3.0 ransom Trojan. Luckily, the infection was shortly removed from the site. This case is unique because it was the first time ransomware distributors took advantage of a government website to infect unsuspecting end users.
6. Another ransomware attack was carried out against a Rockford nonprofit in September 2015. The victim was The Arc of Winnebago, Boone and Ogle Counties, an organisation aiding people with disabilities. The virus displayed a ransom alert stating that the agency’s files were encrypted and that the decryption key could be bought for $700. The amount would double if the organisation failed to pay up within a fortnight. The ransomware encrypted files on dozens of computers and an in-house server that held years of information regarding clients and their progress, agency finances, as well as the documents and applications used by The Arc to run its day-to-day operations. The CryptoWall Trojan spread over machines on the network after an employee opened a malicious ZIP file attached to a phishing email. Having paid the ransom in Bitcoins, The Arc’s officials got the private decryption key.
7. Police departments in the Midcoast and Aroostook County (Wiscasset, Maine) faced a predicament where their computer systems got attacked by a ransomware virus. According to Todd B. Brackett, Lincoln County Sheriff, four towns and the county have a computer network used for sharing files and records. One of the employees unintentionally downloaded a piece of malware called Megacode, which encrypted all the information stored on that network. Ultimately, they had to pay a ransom amounting to about $300. The Sheriff and Damariscotta Police Chief Ron Young later said that having to send the payment to the scammers was cold comfort to everyone, but it was the sole way to restore the important data. The Houlton Police Department was also attacked by a similar digital threat around that time, which resulted in all their files getting encrypted. According to Chief Terry McKenna, they also had to pay the money in order to recover the information.
According to a ThreatTrack Security survey, 30 per cent of respondents admitted they might give in to the extortion demands in these circumstances, and 86 per cent believed other organisations they knew had negotiated with the fraudsters and paid such ransoms in the long run.
Stu Sjouwerman, the founder of KnowBe4, believes it's a business decision. Based on weighing up the pros and cons, the average manager would end up making the same decision within a minute, he goes on to say. This is also a funding issue – financial resources are primarily distributed to the critical business areas while backups remain a low priority until a quandary like this is encountered.
As we can see from some of the real-world cases above, a lot of individuals, businesses and organisations decide to pay up. Their decision is fairly justifiable, as losing records may lead to devastating outcomes. All of them, however, are just adding to the snowball of ransomware. The recent attacks prove it’s all going to get worse. Personnel training, regular data backups, and robust incident response can be helpful when dealing with a ransomware attack and avoiding the worst-case scenario.
David Balaban is editor of Privacy PC