Hollywood hospital hit with ransomware: Hackers demand $3.6 million as ransom

An internal emergency has been declared at a major US hospital in Los Angeles following a widespread ransomware-style cyberattack which has left staff unable to access vital patient data, it has been revealed.


@Copyright Hackingstuffs

The Hollywood Presbyterian Medical Centre, located in the heart of LA, is now dealing with hackers who are reportedly demanding over 9000 bitcoins – which equates to roughly $3.6m – to release the encryption keys to computer systems that hold patient data, X-Ray scans, CT scans and crucial lab work.

According to NBC Los Angeles, hospital president and chief executive Allen Stefanek said that staff first started to notice “significant IT issues” on 12 February; however, reports indicate that the attack may have started over a week ago. Forensic computer experts from the Los Angeles Police Department (LAPD) and the FBI have now been called in to investigate further.

An unnamed doctor has admitted that the hospital’s computer system was hacked and is currently being held for ransom, adding that departments are now communicating through fax machines because they have no access to email. Furthermore, a number of patients have been transferred to other hospitals.

Meanwhile, a separate report by Fox (Los Angeles) reaffirmed that the cyberattack has directly affected the ‘day-to-day’ operations of the hospital.

What is a Ransomware attack?

Ransomware is a type of malware that restricts access to the infected computer and demands that the user pay money to regain access to the system. Some ransomware encrypts the system's hard drive in such a way that the victim must pay to have it decrypted, while other variants simply lock the system and display messages intended to coax the user into paying. This type of attack became popular from 2013 onward.

Group behind largest Ransomware campaign arrested by Spanish police

The infamous Reveton ransomware gang, which made millions of Euros every year by deceiving unsuspecting victims in more than 30 countries, has finally been apprehended by law enforcement. The gang consists of as many as 11 members, including 2 Ukrainians, 6 Russians, and 2 Georgians. The breakthrough was made by Europol, and it was the Spanish Police who arrested these 10 people in Spain. The man suspected of being the leader of the gang, a 27-year-old Russian national, was apprehended in Dubai in December last year, and the Spanish authorities are trying to have him extradited to Spain.

The gang developed and distributed the Reveton malware, known as the Police Trojan because it freezes infected computers and displays a warning message urging users to pay a fake fine, accusing them of accessing pornographic sites or illegally downloading content from the internet. The message is made to look as if it was sent by the police, and it states that a payment must be made before the system can be used again. The payment is demanded in the form of vouchers bought from prepaid cash services such as Ukash and Paysafecard; the vouchers were sent from the US to Spain, where they were cashed, and the proceeds were then moved to Russia. According to security experts there are as many as 48 variants of this malware, able to forge messages from police departments in many European countries. The malware has been in circulation since as early as 2005, but it was refined by the hackers for distribution in many countries, mainly European ones, as Europe was the major target.

Trend Micro, a leading online security firm, has estimated that these cyber criminals were raking in as much as million Euros per year from thousands of victims through this illegal scheme. Moreover, the firm also revealed that the gang was developing variants of the malware for use in the U.S. and Canada, further expanding its range of operation.


The Spanish Police took an interest in the case in May 2011, when they received as many as 1200 complaints, though many more people were actually affected. The police revealed that the 10 suspects arrested were involved in other aspects of the operation, while the Russian national arrested in Dubai was the one who developed the malware itself.

The operation to catch the gang was a highly coordinated one in which experts from Trend Micro and the Spanish authorities collaborated. Trend Micro assisted the police in tracking the criminals using its technology, and the police then carried out the arrests. The operation is a prime example of collaboration between private organizations and the authorities, with the former providing the technological infrastructure so that the latter can apprehend wrongdoers. Trend Micro has been involved in many such cases in recent years, and this is another success for its e-crime unit.

Well, the Spanish authorities must be happy with the successful results of their coordinated operation as this is a big win against cyber crime.

Ransomware malware targeting Skype users

Security firm Trend Micro has discovered a new worm that targets Skype users with spam messages designed to infect machines with the Dorkbot ransomware. The worm abuses the Skype API to spam out messages that link to ZIP files, e.g. skype_06102012_image.zip or skype_08102012_image.zip, which antivirus products detect as Troj/Agent-YCW or Troj/Agent-YDC.


According to definition – Ransomware is a form of malware in which rogue software code effectively holds a user’s computer hostage until a “ransom” fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website.

The message contains the question:

“lol is this your new profile pic? h__p://goo.gl/{BLOCKED}5q1sx?img=username”

or

“moin, kaum zu glauben was für schöne fotos von dir auf deinem profil h__p://goo.gl/{BLOCKED}5q1sx?img=username” (German: “hi, hard to believe what lovely photos of you are on your profile”)

A list of worm files used in the campaign, as short link followed by the hosted ZIP it resolved to (URLs defanged):

hxxp://goo.gl/SAOmJ
hxxp://hotfile.com/dl/174771453/720762e/skype_03102012_image.zip.html

hxxp://goo.gl/frbXD
hxxp://hotfile.com/dl/174868532/a8009ef/skype_04102012_image.zip.html

hxxp://goo.gl/agsIb
hxxp://hotfile.com/dl/174887318/f59c5c2/skype_04102012_image.zip.html

hxxp://goo.gl/AzaqI
hxxp://hotfile.com/dl/175002041/debb544/skype_05102012_image.zip.html

hxxp://goo.gl/QYV5H
hxxp://hotfile.com/dl/175082698/230fce5/skype_05102012_image.zip.html

hxxp://goo.gl/UPhHf
hxxp://hotfile.com/dl/175180403/4b2da19/skype_06102012_image.zip.html

hxxp://goo.gl/5q1sx
hxxp://hotfile.com/dl/175339084/d951071/skype_08102012_image.zip.html

The executable installs a variant of the Dorkbot worm (also known as NRGbot), which appears to initiate large-scale click-fraud activity on each compromised machine as well as recruiting it into a botnet. The Dorkbot variant then infects the machine with ransomware that locks the user out and encrypts their files, before charging them $200 to unlock the machine.
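The campaign above leaves three things a defender can match on: the goo.gl short-link tokens, the skype_DDMMYYYY_image.zip payload naming scheme, and the two lure phrases. The following script is an added example (not code from the original article or from Trend Micro) that scans exported chat or proxy log lines for those indicators. The indicator values are taken from the write-up above; the log lines, the `Finding` type and the function names are constructed for the example.

```python
import re
from dataclasses import dataclass

# Indicators taken from the campaign write-up: goo.gl short-link tokens and
# the payload naming scheme. Everything else in this block is constructed.
GOOGL_TOKENS = {"SAOmJ", "frbXD", "agsIb", "AzaqI", "QYV5H", "UPhHf", "5q1sx"}
ZIP_NAME_RE = re.compile(r"skype_\d{8}_image\.zip", re.IGNORECASE)
LURE_PHRASES = (
    "is this your new profile pic",       # English lure text
    "fotos von dir auf deinem profil",    # German lure text
)
# Accept live (http), defanged (hxxp) and the article's h__p spelling.
URL_RE = re.compile(r"h(?:xx|tt|__)ps?://[^\s\"'<>]+", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    reason: str
    url: str


def refang(url: str) -> str:
    """Normalise defanged schemes so a single matcher handles every form."""
    return re.sub(r"^h(?:xx|__)p", "http", url, flags=re.IGNORECASE)


def check_url(url: str):
    """Return a reason string if the URL matches a campaign indicator, else None."""
    u = refang(url)
    m = re.match(r"https?://([^/?#]+)(/[^?#]*)?", u, re.IGNORECASE)
    if not m:
        return None
    host = m.group(1).lower()
    path = m.group(2) or ""
    if host == "goo.gl" and path.lstrip("/") in GOOGL_TOKENS:
        return "known goo.gl shortener token"
    if ZIP_NAME_RE.search(path):
        return "skype_<date>_image.zip payload name"
    return None


def scan_chat_log(lines):
    """Scan log lines; one Finding per indicator hit, so a line can yield several."""
    findings = []
    for n, line in enumerate(lines, 1):
        urls = URL_RE.findall(line)
        for url in urls:
            reason = check_url(url)
            if reason:
                findings.append(Finding(n, reason, url))
        # Lure text is only suspicious when it carries a link; match on that pair.
        lowered = line.lower()
        if urls and any(p in lowered for p in LURE_PHRASES):
            findings.append(Finding(n, "profile-picture lure text with link", urls[0]))
    return findings


# Constructed sample export, in the "timestamp user: message" shape of a chat log.
SAMPLE_LOG = [
    "2012-10-08 10:01 alice: lol is this your new profile pic? http://goo.gl/5q1sx?img=alice",
    "2012-10-08 10:02 bob: see you at 3pm http://example.com/agenda",
    "2012-10-08 10:03 carol: moin, kaum zu glauben was für schöne fotos von dir auf deinem profil hxxp://goo.gl/frbXD?img=carol",
    "2012-10-08 10:04 dave: http://hotfile.com/dl/175339084/d951071/skype_08102012_image.zip.html",
]

if __name__ == "__main__":
    for f in scan_chat_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason} -> {f.url}")
```

The lure-phrase check is paired with the presence of a link on purpose: the phrase alone is ordinary chat, and a short-link token list goes stale as soon as the operators rotate links, so the filename pattern and the text-plus-link pairing are the rules that survive longest.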

Ransomware is becoming an increasingly common tool in cyber criminals' arsenals.