Bitcoin used to be the preferred payment method of cybercriminals. Last year, we reported that the hackers behind the WannaCry ransomware infected PCs worldwide, and demanded payment in the form of Bitcoin from their victims. Hackers asked for Bitcoin because the cryptocurrency’s transactions are harder to trace to individuals compared to traditional bank transfers.

Some European businesses started to purchase Bitcoin in 2017 in order to prepare themselves for future ransomware demands. Cyber criminals, meanwhile, saw the value of Bitcoin skyrocket, which made the cryptocurrency a target for high-profile cyber theft.

Despite Bitcoin’s continuing popularity and expensive value, several news reports are stating that ransomware criminals are now asking for a different payment method.

While Bitcoin remains a highly popular cryptocurrency among people who deal in the dark web, its high-profile status is giving criminals some problems. ZDnet puts the blame on the asset’s hyper volatility that sometimes jeopardizes criminal operations. A crash doesn’t only affect investors who have diversified their portfolio with cryptocurrencies, but also criminals who need to keep adjusting their ransom based on the current prices of Bitcoin.

Before 2017 ended, Bitcoin reached an all-time high of $20,000. However, it slid sharply at the start of 2018, and settled at 50% of its December 2017 prices. In June, Nadex reported that cryptocurrency markets are being rocked by volatility almost every day. Bitcoin moved 13% lower, and even experienced a $1,000 drop in one trading day. Like any other asset, Bitcoin’s prices are affected by fundamental factors that affect the economy as a whole. Hacked online exchanges, the strengthening of regulated currencies, and current investor sentiment towards cryptocurrency markets are just some examples of what can affect the price of Bitcoin.

In the same article by ZDNet, it was mentioned that criminals are moving towards more stable forms of cryptocurrency like Monero, Zcash, and Ethereum. With the aforementioned 3 cryptocurrencies, criminals won’t have to keep adjusting their ransom every time Bitcoin’s prices crash.

Bad news for altcoins

The shift to other cryptocurrencies is gaining traction within the dark web. If more cybercriminals move towards other forms of digital funds, it will create problems for investors who have decided to stay away from Bitcoin because of its volatility. Hackers who switch to other cryptocurrencies will disrupt the trust of investors, and make altcoins more volatile. Apart from that, the mass switch by ransomware criminals to other cryptocurrencies will also make it harder for authorities to catch criminals, because they will be investigating multiple cryptocurrencies instead of just Bitcoin. Some new cryptocurrencies are designed to provide almost absolute anonymity to the integrity of the transactions and users, making investigations into cyber-crime money laundering next to impossible.

“We’ll see a progressive shift in 2018 towards criminal use of cryptocurrencies other than Bitcoin, making it generally more challenging for law enforcement to counter,” warned the Executive Director of Europol Rob Wainwright in a Tweet.

Despite the switch to other cryptocurrencies, many criminals will also continue to use Bitcoin due to its popularity. With more people and companies using it for everyday transactions, there is a higher chance of receiving the ransom.

“We must remember that when forcing ransom payment, Bitcoin is still the cryptocurrency of choice given its wide availability and use” said Thycotic’s Chief Security Scientist Joseph Carson. “It is when cyber-criminals are moving money around to pay other cyber-criminals or to purchase new toys they will use an alternative cryptocurrency to keep a low profile.”

Did you have your data stolen by ransomware criminals? Here on Datarecovery.com we provide fast and affordable solutions to your stolen files. Call us at 800-237-4200 so we can help retrieve what’s yours.

The post Why Ransomware Criminals are Moving Away from Bitcoin appeared first on Datarecovery.com.

If SamSam has infected your computer or network, turn off computer(s), disconnect all media, and call Datarecovery.com at 1-800-237-4200. Our ransomware experts will assess your situation and offer a plan to restore your files and remove SamSam.

What is SamSam Ransomware (And How Does It Work)?

SamSam is a type of crypto-ransomware, which means the malware encrypts files in such a way that only the attacker can decrypt them. If a victim doesn’t pay the ransom or have current backups, recovery from SamSam is extremely difficult. Hospitals and city governments have found that a SamSam attack cripples the organization’s ability to function normally, leading some to pay the ransom.

Notable Targets of SamSam Ransomware Include:

• MedStar 27, 2016 ($18,500 ransom)
• Follet’s Learning Destiny software 2016 (undisclosed ransom)
• Erie County Medical Center 9, 2017 ($44,000 ransom)
• City of Farmington, NM 3, 2018 ($35,000 ransom)
• Adams Memorial Hospital 11, 2018 (undisclosed ransom)
• Hancock Health 11, 2018 ($55,000 ransom)
• Davidson County, N.C. 16, 2018 (undisclosed ransom)
• Colorado Dept. of Transportation 21 and March 1, 2018 (undisclosed ransom)
• City of Atlanta, GA March 22, 2018 ($51,000 ransom)

In addition to these high-profile targets, there have been other unspecified victims. A 2016 FBI alert referred to multiple “attacks on healthcare facilities” without mentioning specific names. More recently, an unnamed Industrial Control Systems (ICS) company was hit by the ransomware.

How Does SamSam Ransomware Infect My System?

Unlike the majority of ransomware, SamSam does not spread through spam emails or malicious links. Instead, the distributors target vulnerable servers using brute-forced credentials or by exploiting outdated software. After gaining access, the hackers harvest other credentials and use Remote Desktop Protocol to manually spread SamSam through a network.

The attackers wait a number of days before executing the ransomware payload, making it harder for organizations to discover the initial breach. This can allow the hackers to reinfect a system if the organization attempts to recover without paying the ransom, as happened with the Colorado Department of Transportation. After sufficient time has passed, the hackers run batch scripts which begin running the ransomware. Once SamSam has encrypted files, it drops a ransom note with the payment demand, which varies by incident.

Can I Disable or Remove SamSam Ransomware Encryption?

Removing SamSam and decrypting affected files is difficult. As such, it is critical to prevent the ransomware from infecting systems with the following best practices:

• Update all software promptly (businesses should use a centralized patch management system to detect vulnerabilities).
• Limit the number of attempts to correctly enter passwords for systems.
• Regularly back up data while maintaining redundant copies — SamSam can spread to network-based backups before it begins encrypting files, which makes recovery from an attack more difficult when only one backup exists.
• Use the principle of least privilege to mitigate damage done by ransomware.

If your systems have been infected by SamSam, Datarecovery.com can help. We’ll assess your situation and start you down the road to recovery as soon as you call or start a case with us.

As with all data recovery situations, time is an important factor. If ransomware has infected your computer or network, call 1-800-237-4200 to speak to a malware expert. We’ll go over your options and help determine the best way to recover from a SamSam attack.

The post SamSam Ransomware Infection And Decryption Services appeared first on Datarecovery.com.

A ransomware attack on the city of Atlanta on Mar. 22 has left officials scrambling to provide services to residents. Many critical services, like public-safety and wastewater treatment, have been unaffected. Meanwhile, other systems have ground to a halt or slowed considerably.

For instance, the city is temporarily not accepting employment applications. New water service requests and other planning services can be made in person, but processing times are longer than usual. The Hartsfield-Jackson International Airport has disabled its wifi and taken security wait times and flight information off its website out of an abundance of caution.

Perhaps the biggest headache for the city is keeping the courts running during the mayhem. The city court cannot validate warrants or process ticket payments (even in person). Court dates continue being pushed back (via tweets) as the city struggles with the ransomware attack.

RESET NOTICES WILL BE MAILED. pic.twitter.com/hyV3pcLSE0

— ATL Municipal Court (@ATLCourt) March 28, 2018

Mayor Keisha Lance Bottoms gave few details on what the city’s response would be.

When asked if she would consider paying the $51,000 ransom, Bottoms admitted, “Everything is up for discussion.” She added that she would consult with federal authorities to determine the best course of action. The city hired a private security company, SecureWorks, to investigate the attack. The FBI, Homeland Security, and the Secret Service are all involved in determining exactly what happened.

“I just want to make the point that this is much bigger than a ransomware attack,” Bottoms said at a press conference. “This is really an attack on our government, which means it’s an attack on all of us.”

Fears that the attackers accessed personal data continue.

Officials initially warned city employees and any member of the public who had made transactions with the city to check their bank accounts for fraudulent activity.

“Because we don’t know, I think it would be appropriate for the public just to be vigilant in checking their accounts and making sure their credit agencies have also been notified,” Bottoms said shortly after the incident.

On March 26, an official tweet from the city reiterated that sentiment but added that there is still no evidence that sensitive data has been compromised.

GENERAL REMINDER: At this time, there is no evidence to show that customer or employee data has been compromised. However, customers and employees are encouraged to take precautionary measures to monitor and protect their personal information.

— City of Atlanta, GA (@Cityofatlanta) March 28, 2018

The city hasn’t identified the attacker, but media reports point to a familiar name.

A New York Times article has identified the SamSam hacking crew as the responsible party. While few details are known about SamSam, they do have several trademarks.

The group tends to target large organizations who have the resources to pay a hefty ransom. SamSam also has sophisticated methods of covering their tracks that allow them to attack organizations repeatedly.

The same group victimized the Colorado Department of Transportation twice this year.

The first attack shut down over 2,000 employee computers, forcing workers to use pen and paper to complete work. The city decided not to pay the ransom, but to painstakingly clean the computers of any malware.

When the city’s IT professionals had cleared 20 percent of computers for employee use, a variant of SamSam reinfected them. Hearing stories like these, it’s easy to understand why some organizations simply pay the ransom.

To put even more pressure on victims, the SamSam attackers generally target health care facilities and municipal organizations. Allscripts, Adams Memorial Hospital, Erie County Medical Center, and the city of Farmington, New Mexico all fell prey to SamSam ransomware in the last year.

Atlanta is now learning a painful but useful lesson in cybersecurity.

The city is documenting its progress and answering frequently asked questions on its website, while the mayor promises that more attention will be given to cybersecurity in the future.

“Just as much as we really focus on our physical infrastructure, we need to focus on the security of our digital infrastructure,” Bottoms said. “I am looking forward to us really being a national model of how cities can shore themselves up and be stronger because of it.”

The post City of Atlanta Hit by SamSam Ransomware appeared first on Datarecovery.com.

The report came from CyberEdge, who surveyed 1,200 IT security professionals and is not affiliated with any security vendor.

Their 2018 Cyberthreat Defense Report is an attempt to understand the variety of threats faced by organizations that employ at least 500 people. The results showed that cyberattacks have become increasingly successful over the past five years (though, mercifully, the number of successful attacks is slightly down from last year).

Another illuminating trend is that the percentage of IT professionals who are optimistic about dodging successful attacks in the coming year went from 62 percent in 2014 to 38 percent in 2018. This can be viewed as pessimism or realism, but either way, it’s an acknowledgement of the great challenges ahead. Respondents listed application containers (like Docker or Rocket), mobile devices, and cloud infrastructure as the weakest links likely to be targeted by a cyberattack.

Malware (viruses, worms, trojans) was voted as the number one general threat to IT security for the second year in a row.

Second place was a tie between ransomware and phishing attacks. Given that many ransomware attacks were paired with worms and other malware (as well as phishing attacks), you can understand how big of a concern ransomware is for security professionals.

And it was not a rare phenomenon either. A surprising 55 percent of surveyed organizations were hit by ransomware in 2017. One area of good news was that many who refused to pay ransoms still recovered their data. Instead of buckling to cybercriminals, they worked to recover data from backups or simply dealt with the data loss. Almost 87 percent of victims who did not pay the ransom recovered their data anyway.

The scarier news was that only 49.6 percent of ransomware victims who paid the ransom were able to decrypt their data. This statistic should convince businesses and individuals of the importance of keeping current backups that are offline or in the cloud.

If a victim cannot recover backups, consulting a professional data recovery company is highly recommended. At Datarecovery.com, the recovery rates for ransomware cases are far higher than those in the CyberEdge survey. Knowing the landscape and having experience help ensure a successful recovery from a ransomware attack. Some strains have freely available decryptors, while others have coding issues that prevent even the attacker from decrypting files. Knowing which avenues to pursue saves time and increases the odds of a successful recovery.

Survey respondents listed “lack of skilled personnel” as the greatest barrier to defending against cyberthreats.

In past surveys, “low security awareness among employees” has topped that list, but a skilled personnel shortage has slowly climbed the ranks over the past five years. Poor security awareness still placed second as a barrier to IT security (which is concerning, given how long it’s been an issue).

Overall, the survey showed positive as well as negative trends. Many perennial threats remain: mobile devices and poorly trained employees continue to be security challenges. On the other hand, the number of successful cyberattacks decreased for the first time in five years and security budgets are higher than they’ve ever been. More than anything, the CyberEdge report reminds us that good IT security requires constant vigilance and adaptation to new threats.

The post Only Half of Ransomware Payments Resulted in Decrypted Files appeared first on Datarecovery.com.

SamSam ransomware has infected thousands of computers at the Colorado Department of Transportation. Over 2,000 employee computers were shut down to stop the spread of the malware after it was discovered on Feb. 21, and systems are still not back online.

Office of Information Technology chief technology officer David McCurdy released a statement shortly after the attack that said, “This ransomware virus was a variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and security tools and has no intention of paying ransomware. Teams will continue to monitor the situation closely and will be working into the night.”

SamSam is a strain of ransomware that targeted hospitals and others throughout January.

An Indiana hospital, Hancock Health, paid a $55,000 ransom to restore files and functionality after SamSam infected its servers. Even though the hospital claimed to have complete backups of encrypted files, administrators chose to pay the ransom to avoid costly delays in restoring their systems.

Security researchers say that the group behind SamSam uses a brute-force attack on Remote Desktop Protocol (RDP) connections to gain access to internal networks. Then, hackers manually install the ransomware, which begins encrypting files. To protect against SamSam, researchers warn that any computers open to remote RDP connections should have strong and unique passwords.

SamSam was also the culprit behind attacks on Allscripts, Adams Memorial Hospital, Erie County Medical Center, and the city of Farmington, New Mexico. Security experts believe that these attacks were carried out by a single group of hackers.

CDOT continues with daily work the old-fashioned way.

“Our critical systems, our road operations, traffic operation systems are still online. We still have people on the road plowing and doing construction,” CDOT spokesperson Amy Ford told the Denver Post. “The things we have changed a little bit is we’ve had some business bids in the process of being done and we’ve extended times and dates. And we’re working with our contractors.”

The incident demonstrates the difficulties of recovering from a ransomware attack. Even though CDOT backed up their data, they are beginning their second week offline. Mecklenburg County, North Carolina faced a similar slog after a ransomware called LockCrypt infected county government servers. Officials spent well over a month scrambling to restore services after that incident.

Ford summarized the frustrating but manageable limbo that CDOT is currently in.

“No one is back online. What we’re doing is working offline. All our critical services are still online — cameras, variable message boards, CoTrip, alerts on traffic. They are running on separate systems,” Ford said. “The message I’m sharing is CDOT operated for a long time without computers, so we’ll use pen and paper.”

The post SamSam Ransomware Infects CDOT appeared first on Datarecovery.com.

Ukrainian politicians have long blamed Russia for the attacks, but it wasn’t until last month that the CIA concluded with “high confidence” that Russia’s GRU military spy agency created the malware.

Starting on Feb. 15, British, American, and Australian government agencies publicly accused Russia of the attack. British Foreign Office Minister Tariq Ahmad released the first statement, which said, “The attack masqueraded as a criminal enterprise but its purpose was principally to disrupt. Primary targets were Ukrainian financial, energy and government sectors. Its indiscriminate design caused it to spread further, affecting other European and Russian business.”

White House Press Secretary Sarah Sanders then released her own statement. “In June 2017, the Russian military launched the most destructive and costly cyber-attack in history,” Sanders said. “This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.”

Russia responded with a shrug and a denial.

“It’s not more than a continuation of the Russophobic campaign,” Kremlin spokesman Dmitry Peskov told the BBC.

Australia quickly joined the US and UK in blaming Russia. The Minister for Law Enforcement and Cyber Security wrote, “Based on advice from Australian intelligence agencies, and through consultation with the United States and United Kingdom, the Australian Government has judged that Russian state sponsored actors were responsible for the incident.”

While many security experts already blamed Russia for NotPetya, there were some calls to produce hard evidence. The Centre for Research on Globalization (CRG), a research and media organization based in Montreal, points out that the accusers have shown no proof that Russia is responsible. Furthermore, CRG believes the CIA has the capability to leave fake “fingerprints” after a hack, meaning that, hypothetically, the US government could have carried out the attack itself.

According to CRG, the motivation for the CIA to carry out and then falsely accuse Russia for the attack would be to create a pretense for starting a war. Given how drastically the Trump administration has downplayed Russian meddling in the US elections, this scenario seems unlikely. Still, asking for more than circumstantial evidence before condemning Russia seems reasonable.

The US government hinted at countermeasures to punish Russia.

“We’re going to work on the international stage to impose consequences,” White House cybersecurity coordinator Rob Joyce told CNBC. “We’re going to see levers the US government can do to impose those costs.” Joyce went on to condemn the “indiscriminate attack” that caused billions of dollars in damages.

Everyone with an interest in geopolitics is waiting to see what the US response will look like. Because the US has condemned the indiscriminate nature of the NotPetya attack, the countermeasures will likely be more targeted. However, considering the high costs NotPetya caused companies throughout Europe and the US, the response will not be light.

The post US and Britain Blame Russian Military for NotPetya appeared first on Datarecovery.com.

An illustrative example is the “cheating husband” scheme. Swindlers compose a message that threatens to expose a husband’s infidelities unless a ransom is paid. The scammers send the email to thousands of people, hoping to find a guilty and gullible victim among them. Unfortunately for the police, people who fall prey to these schemes rarely report the crime due to embarrassment. In this particular instance, one of the targets of the scheme contacted the Nashville Police Department.

However, even when victims report these crimes, local police departments don’t have a method of tracking or warning other jurisdictions about them. The FBI created the Internet Crime Complaint Center in 2000, but Donna Gregory, who heads the center, admitted only about 10 percent of cybercrimes are ever reported.

To make reporting easier and more uniform, the National Academies of Sciences, Engineering, and Medicine are currently working to modernize local and federal crime-classification systems. The hope is that with better data, local police departments and the FBI will be able to better address cybercrimes.

Cybersecurity companies can offer greater insight into the world of internet crime.

Law enforcement agencies may be overwhelmed by the breadth of digital crimes occurring, but IT security firms must stay ahead of hackers to remain in business. Their daily interactions in detecting and stopping attacks leaves them with a trove of valuable data.

Malwarebytes recently released their 2017 fourth quarter report on the evolving tactics and techniques of hackers. The report detailed shifting but unrelenting threats from cybercriminals. For instance, after the major ransomware attacks last year, development and distribution of that particular type of malware slowed. In its place, attackers deployed spyware, banking trojans, and hijackers — all of which are designed to steal sensitive data and distribute more malware.

Mining has increased as cryptocurrency grows in popularity and value.

Bitcoin and a multitude of newer digital currencies have received increasing media attention as their prices skyrocketed and then crashed. While the cryptocurrency market has lost about half of its value since mid-December, many investors see this as a simple correction due to overzealous buyers late last year. Cryptocurrency is here to stay, and there is money to be made from it.

Of course, that means cybercriminals are getting in on the game. Sophisticated hackers have found vulnerabilities in cryptocurrency code to steal vast sums of digital money. That’s what happened to Japan’s CoinCheck, which was taken for $534 million in a late-January heist.

However, there’s a more mundane way of making cryptocash that’s on the rise — mining. Cryptomining occurs when people volunteer computing power to a cryptocurrency’s network. In exchange for running software that validates transactions, miners occasionally earn coins. Hackers have invented a method called drive-by mining to receive the rewards of cryptomining while using unwilling victims to provide the computing power.

These drive-by mining programs can run on a computer without the victim ever knowing it (except for seeing a decrease in computer speed). Malwarebytes claims to have blocked over 100 million drive-by mining attempts in a single month, which means this is a major new threat for security firms.

The report’s 2018 predictions indicate that consumers and businesses must remain vigilant.

Malwarebytes believes that drive-by cryptocurrency mining will continue as long as digital currencies keep their value. The security firm also warns that hackers could use the Internet of Things to mine cryptocurrency as well as perpetrate DDOS attacks. Finally, the report’s authors believe the use of leaked exploit codes in 2017 will continue this year unless the governments who discover the vulnerabilities begin disclosing them.

The ever-shifting tactics of hackers shows how hard of a job the National Academies of Sciences, Engineering, and Medicine have in codifying a classification system for cyber-attacks. However, without recording and sharing this information in a formalized way, law enforcement will continue struggling to keep up with cybercriminals.

The post Malware Report Sheds Light on Underreported Cybercrimes appeared first on Datarecovery.com.

Bitcoin price fluctuations have made setting ransom demands difficult.

The price of bitcoin has fluctuated wildly, spooking investors and frustrating cybercriminals.

In the past month, the price of bitcoin has yo-yoed from $13,000 to $17,000 and then back down to $10,000. These fluctuations make it difficult for hackers to demand a precise ransom. In fact, the price of bitcoin has become so unreliable, hackers are increasingly pricing their ransoms in US dollars (though the payments are still frequently requested in bitcoin).

And a fluctuating price isn’t the cryptocurrency’s only problem. Gabriel Glusman, senior cyber intelligence analyst at Sixgill, told ZDNet, “the time it takes for transactions to confirm, the high volume, and the transaction fees makes it that anything that’s less than $200 isn’t worth paying in bitcoin.” These problems have spurred hackers to look for alternate forms of payment.

The takedown of dark websites AlphaBay and Hansa has cybercriminals worried about cryptocurrency anonymity.

A joint effort by the U.S. Department of Justice and Europol took down AlphaBay, a website that hosted listings for illegal drugs, stolen and fraudulent documents, firearms, and other illicit products. Once the site was shuttered, criminals flocked to another dark website, Hansa.

Unfortunately for the criminals who created Hansa accounts, the site had already been seized by Dutch officials. International law enforcement agencies silently recorded the criminal activity taking place on Hansa. “They flocked to Hansa in their droves,” Interpol director Rob Wainwright told Wired. “We recorded an eight-times increase in the number of new users on Hansa immediately following the takedown of AlphaBay.”

The closures of AlphaBay and Hansa have spooked some cybercriminals into seeking currencies with more privacy protections than bitcoin. Wainwright tweeted a warning that, “We’ll see a progressive shift in 2018 towards criminal use of cryptocurrencies other than Bitcoin, making it generally more challenging for law enforcement to counter.”

Monero has a growing share of the cryptocurrency market.

The alt-coin launched in 2014 and focuses on being untraceable, which has made it popular for ransomware distributors. Matt Suiche, founder of Comae Technologies told Bloomberg that monero is now “one of the favorites, if not the favorite” cryptocurrency of ransomware attackers.

Monero transaction fees (like those of bitcoin) are not fixed, but they have been significantly lower than bitcoin’s on average. Monero also has many more features to ensure anonymity than bitcoin (though some transactions from between 2014 and 2016 may be traceable).

While monero’s developers aren’t advocating for criminals to use it, they admit that it is well-suited for illegal transactions. Riccardo Spagni, a core developer for the alt-coin told Bloomberg, “I imagine that monero provides massive advantages for criminals over bitcoin, so they would use [it].”

Another attractive currency for use on the dark web is Dash.

The alt-coin, whose name is a portmanteau of “digital cash,” may have an even brighter future than monero. It has extremely low transaction fees (they aren’t fixed, but are generally less than $1) and an InstantSend function that completes transactions in as little as a few seconds. Dash also has a feature called PrivateSend that makes it attractive to those looking to do untraceable deals.

Dash received media attention after inking a deal with Kuvacash, a project aiming to stabilize Zimbabwe’s runaway inflation. The $550,000 partnership led to a steady increase in the coin’s price until an abrupt nosedive with most other cryptocurrencies in mid-January. Still, if the coin achieves mainstream popularity, it will be very attractive to cybercriminals looking for a good blend of ease-of-use and increased privacy.

Ransomware may embrace new currencies, but it’s not going away any time soon.

Hancock Health and Allscripts, an electronic health record company, have both suffered costly ransomware attacks in January 2018. Last year saw ransomware cripple dozens of organizations and businesses as IT departments scrambled to keep up. That is to say, bitcoin’s price may fluctuate, but ransomware attacks remain a constant.

Cybercriminals fleeing the bitcoin market does not necessarily mean that law-abiding consumers will, too. However, some of bitcoin’s issues, like hefty transaction fees and long confirmation times, extend to everyone who uses it. Other cryptocurrencies like monero and Zcash hope to capture a larger market share due to enhanced privacy features.

Whichever form wins out in the end, there is a demonstrated appetite for cryptocurrency — the current market cap stands at over $500 billion. Our only advice is that if you decide to invest in one of these new alt-coins, don’t choose SpriteCoin — it’s a disguised ransomware that will encrypt your files and demand 0.3 monero.

The post Cybercriminals Ditch Bitcoin in Search of Better Cryptocurrency appeared first on Datarecovery.com.

Hospital staff used paper and pencil while the computer system was evaluated.

Hancock Health CEO, Steve Long, told the Greenfield Daily Reporter that no appointments were canceled as a result of the attack (though snowy weather helped by causing cancellations and reducing patient volume). Many hospital patients didn’t even know there was an issue, and Long doesn’t think any sensitive information was compromised in the attack.

According to a Fox affiliate WISH, SamSam is the ransomware that infected Hancock Health. After encrypting files, the malware displayed a a ransom note that demanded four bitcoins (which was approximately $55,000 at the time of payment).

“We wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients,” Long told WISH. “Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”

SamSam targets vulnerabilities in servers and requires no interaction on the victim’s part.

Many ransomware attacks are the result of incautious employees clicking on malicious links or attachments in emails. SamSam instead searches for vulnerabilities on servers that have not been properly configured or updated.

According to an FBI statement, SamSam has successfully targeted healthcare facilities in the past. One noteworthy case is that of Erie County Medical Center (ECMC) in Buffalo, New York. After being infected by SamSam, the hospital decided not to pay the ransom. ECMC had backups and administrators doubted that the hackers would restore files even after being paid. Staff used workarounds and non-electronic processes for over a month before all functionality was restored.

“Our people were tested, and it blew me away. They have been resourceful, and have rallied around each other and the patients,” ECMC CEO Thomas Quatroche told The Buffalo News. “There also was a silver lining in that we learned that having administrators do rounding through the hospital is something we need to do more of in the future.”

While Quatroche keeps his perspective positive, the ransomware did a great deal of financial damage. Officials estimate that the attack cost $10 million. Overtime and lost business made up some of the losses, but much of the money went toward beefing up hardware and software to ensure a ransomware attack never succeeds again.

Whether victims pay a ransom or not, the FBI encourages them to report cyberattacks.

Businesses affected by ransomware should report the incident to the Internet Crime Complaint Center. By tracking attacks and tactics, the FBI has a better chance of catching hackers and helping businesses avoid infections.

There were almost 3,000 reported complaints about ransomware in 2016 and because fraud is severely underreported, the actual number of attacks is likely much higher. The attack on Hancock Health proves that medical centers remain an attractive target to cybercriminals. Hospital administrators should take measures to improve their IT security and consider buying cyber insurance.

The post Indiana Hospital Pays $55,000 to Get Rid of Ransomware appeared first on Datarecovery.com.

What is the Internet of Things?

The IoT refers to devices — think appliances, cars, and HVAC systems — that connect to the internet. These devices often have “smart” as a prefix and offer convenient and futuristic features like the ability to turn up the heat or AC just before you head home from work.

Smart watches, which display emails, monitor heart rate, and even tell golfers how far they are from the pin, are one of the most popular IoT gadgets. But there plenty of lesser known smart devices as well. Coffee makers, thermostats, and light bulbs are increasingly offering connectivity to the internet as a feature.

Unfortunately, the connectivity that allows consumers to control appliances remotely also exposes devices to malware. And that brings us to the crux of why the IoT will likely become a more frequent target of ransomware attacks.

IoT continues growing, but security is still lax.

The IoT has grown in fits and starts through 2017. For the first time in history, there are more connected devices (approximately 8.4 billion) than humans (approximately 7.6 billion) on the planet. That being said, Cisco estimates that 75 percent of all IoT projects are failing due to problems with security and lack of compatibility.

These security issues will become a major issue as consumers and industry grow accustomed to the benefits of connectivity. The more people rely on connected devices, the more vulnerable to ransomware they become. After all, successful ransomware attacks depend on the victim feeling like they have no choice but to pay the ransom.

IoT ransomware would look different than the attacks we’ve seen lately.

In general, smart devices are highly specialized and quite different from desktop computers. They don’t store family photos or business files, and many don’t have a screen to display a ransom note. Still, enterprising hackers could find a way to freeze or take control of devices and demand a payment.

At the Def Con hacking conference, two researchers demonstrated how they could infect a thermostat with ransomware. If hackers targeted a hospital or nursing home and cranked the heat during summer or AC during winter, victims would have to consider paying the ransom.

If hackers successfully targeted even more critical equipment in a medical facility, the stakes would be even higher. Several researchers have warned that U.S. power grids are vulnerable due to poor IoT security. These are some of the reasons why so many people are urging IoT manufacturers to take security more seriously.

Consumers can take precautions right now to protect IoT devices.

For starters, don’t keep the default password and don’t make the new one “123456” or something else that is easy to guess. Always update your smart devices when a patch becomes available (just like you should with your computer and phone).

Consumers should make sure devices are operating on a secured Wi-Fi router and not an open wireless connection. Buying devices from companies that have a good cybersecurity track record is also helpful. Here’s more information from the FBI on how to protect your devices from hacking. As for industrial and government systems, we hope they listen to Cisco CTO Kevin Bloch when he says, “If you don’t secure it, don’t connect it.”

The post Cybersecurity Still a Major Issue for the Internet of Things appeared first on Datarecovery.com.