Have you received an email which knows your name, how about your address? These spam emails are often full of viruses, and the person who sent them has purchased your information from some website or service you have used, and often forgotten or not noticed a tick box. Lately some of these scams have become far more sophisticated by installing ransomware on the user’s computer.
Members of the BBC Radio 4’s You and Yours team were among some of the recipients of the email which claimed they owed hundreds of pounds to UK firms, but when these firms have been contacted by worried customers they confirmed that they had not sent the emails. Some individuals were silly enough to click the links in the email which linked to a ransomware known as Maktub.
Although a warning message may appear on the computer screen when you enter the link it s too late, the ransomware has already taken hold of your computer and encrypted anything of value on your hard drive. The way such a virus works is to offer you to purchase the encryption key so that you can decrypt your data, with each passing day that you do not pay the release fee increases.
It is not clear if this is the same type of email recently hit several US hospitals. The first to come onto our radar was the Hollywood Presbyterian Medical Center who has been noticing ‘significant IT issues and declared an internal emergency’ back on February 12th. Chaos ensued for several days as staff were forced to revert to paper documents; phone lines, computer systems, faxes and more were unusable during the incident. Eventually the hospital paid the ransom of 40 bitcoins, equivalent to around £12,000
Subsequently Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital, California were also victims of a ransomware attack. A message on the Kentucky Methodist Hospitals homepage read: “Methodist Hospital is currently working in an internal state of emergency due to a computer virus that has limited our use of electronic web-based services.We are currently working to resolve this issue, until then we will have limited access to web-based services and electronic communications.”
The hospital claimed that patient data had not been affected, what we do know is that this strain of ransomware was called Locky. The Kentucky facility paid around £1100 in order to regain control of their systems which is a relatively low amount compared to what could have been demanded from such critical systems. What is perhaps more worrying is that MedStar Health was also a victim, forcing them to shut down its email and vast records database.
MedStar officials said they had found “no evidence that information has been stolen.” “MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization,” spokeswoman Ann Nickels said in a statement. “We are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning.”
The reason this organisation is more worrying than a single hospital is that it operates 10 hospitals and more than 250 outpatient facilities in the Washington region, serving over 30,000 people. This security breach meant that appointments and surgeries were delayed or cancelled. MedStar was also infected with Locky.
The FBI is investigating all incidents stating that in a nine-month period in 2014, the FBI investigated 1,838 complaints of such attacks, which cost those targeted more than £16.6 million. In 2015, agents investigated 2,453 complaints, costing targets £16.9 million.
A new version of ransomware has been discovered called Petya which encrypts the Master File Table; all files on the volume, including file names, timestamps, stream names, and lists of cluster numbers where data streams reside, indexes, security identifiers, and file attributes like “read only”, “compressed”, “encrypted”, etc.
The master boot record which tells the computer to launch your operating system is also replaced, meaning that when you start up the computer you are faced with a scary red and white skull and crossbones painted in boller signs with the explanation that your entire system is now hosed.
Petya will cause a lot of issues putting data back together, but thankfully the author of the hack made a mistake leaving clues as to the key so that you do not have to pay the ransom. There is now a free tool which will help you decrypt your computer without much hassle.
It is not just emails which spread viruses, they can also be installed on USB sticks which will automatically execute when plugged in. The problem with this is that many people will try to read the documents on a drive in order to identify the owner, but as we have seen in the hit show Mr. Robot such actions can bring down an entire network which is why some police forces have disabled the USB ports on their systems.
A recent study at the University of Illinois dropped 297 USB sticks on the school’s Urbana-Champaign campus, with 135 people picking them up and opening files. 68% of people who opened the files said they were trying to identify the owner, whilst 18% admitted that they opened the files out of curiosity.
This may seem innocent, and at times the right thing to do, but is it worth risking your computer or an entire network? One person who opened files stated that they were not worried as they sacrificed a university computer, but has this contained ransomware it would have slowly encrypted the university’s systems rendering it inoperable.
Adobe have also had to rush out an emergency Flash update due to a bug in their programming. ‘The bug allows an attacker to send boobytrapped content to Windows 10’s browser’s Flash plugin in such a way that the browser will not only crash, but also hand over control to the attacker in the process.’