When hackers set out to extort the town of Tewksbury,
Massachusetts, with "ransomware," they followed up with an FAQ
explaining the attack and easy instructions for online payment.
After balking for several days, Tewksbury officials
decided that paying the modest ransom of about $600 was better than struggling
to unlock its own systems, said police chief Timothy Sheehan.
That case and others show how cyber-criminals have
professionalized ransomware schemes, borrowing tactics from customer service or
marketing, law enforcement officials and security firms say. Some players in
the booming underworld employ graphic artists, call centers and technical
support to streamline payment and data recovery, according to security firms
that advise businesses on hacking threats.
The advancements, along with modest ransom demands,
make it easier to pay than fight.
“It’s a perfect business model, as long as you
overlook the fact that they are doing something awful,” said James Trombly,
president of Delphi Technology Solutions, a Lawrence, Massachusetts, computer
services firm that helped three clients over the past year pay ransoms in
bitcoin, the virtual currency. He declined to identify the clients.
In the December 2014 attack on Tewksbury, the pressure
to pay took on a special urgency because hackers disabled emergency systems.
The same is true of additional attacks on police departments and hospitals
since then. But all sectors of government and business are targeted, along with
individuals, security firms said.
The total cost of ransomware attacks is hard to
quantify. But the Cyber Threat Alliance, a group of leading cyber security
firms, last year estimated that global damages from CryptoWall 3 - among the
most popular of dozens of ransomware variants - totaled $325 million in the
first nine months of 2015.
Some operations hire underground call centers or
email-response groups to walk victims through paying and restoring their data,
said Lance James, chief scientist with the cyber-intelligence firm Flashpoint.
Graphic artists and translators craft clear ransom
demands and instructions in multiple languages. They use geolocation to make
sure that victims in Italy get the Italian version, said Alex Holden, chief
information security officer with Hold Security.
While ransomware attacks have been around longer than
a decade, security experts say they've become far more threatening and
prevalent in recent years because of state-of-the-art encryption, modules that
infect backup systems, and the ability to infect large numbers of computers
over a single network.
Law enforcement officials have long advised victims
against paying ransoms. Paying ransoms is "supporting the business
model," encouraging more criminals to become extortionists, said Will
Bales, a supervisory special agent for the Federal Bureau of Investigation.
But Bales, who helps run ransomware investigations
nationwide from the Washington, DC office, acknowledged that the payoffs make
economic sense for many victims.
"It is a business decision for the victim to
make," he said.
Run-of-the-mill ransomware attacks typically seek 1
bitcoin, now worth about $420, which is about the same as the hourly rate that
some security consultants charge to respond to such incidents, according to
security firms who investigate ransomware cases.
Some attacks seek more, as when hackers forced
Hollywood Presbyterian Hospital in Los Angeles to pay $17,000 to end an outage
in February.
Such publicized incidents will breed more attacks,
said California State Senator Robert Hertzberg, who in February introduced
legislation to make ransomware schemes punishable by up to four years in
prison. The Senate's public safety committee was scheduled to review that bill
on Tuesday.
Some victims choose not to pay. The Pearland
Independent School District near Houston refused to fork over about $1,600 in
ransom demanded in two attacks this year, losing about three days of work from
teachers and students. Instead, the district invested tens of thousands of
dollars in security software, said Jonathan Block, the district's desktop
support services manager.
“This threat is real and something that needs to be
dealt with,” Block said.
The town of Tewksbury has also upgraded its security
technology, but Sheehan says he fears more attacks.
"We are so petrified we could be put into this
position again," he said. "Everybody is vulnerable."
(Reporting by Jim Finkle. Additional reporting by
Dustin Volz. Editing by Jonathan Weber and Brian Thevenot.)