Data for ransom is hot hacking trend
Hospitals are a popular target and now Macs are vulnerable
It’s been called the “hot hacking” trend of 2016, but ransomware is a trend you should hope you never become a part of.
The malicious software gets its name because once it infects your computer it encrypts all of the files on your device — and then demands a payment from you before giving you access to them again.
Earlier this month, a ransomware attack that infected Apple products became a news story because the company’s products had traditionally been seen as less of a potential target, due to their smaller user base and more secure operating system.
But an even more disturbing aspect to the ransomware trend is the number of hospital websites that have become targets of this type of data hostage-taking.
In the latest case, the website for the Norfolk General Hospital in Simcoe, Ont., had become a host for a ransomware variant called TeslaCrypt, which spread the malicious software to the site’s visitors, according to Malwarebytes, a California-based company that sells protective software for consumers and businesses.
“Some of the users of our antiexploit product went to this hospital website and we protected them from an infection,” said Jérôme Segura, senior security researcher for Malwarebytes. “I saw it was a hospital, I reproduced the attack very shortly after we got those reports in our lab and was infected with ransomware.”
TeslaCrypt demands $500 to recover the personal files it encrypts, and that payment doubles after a week.
There were similar attacks on Hollywood Presbyterian Medical Center in Los Angeles and the Ottawa Hospital.
In the Hollywood case, the hospital admitted to paying the hackers $17,000 (U.S.) to regain access, as they felt it was the quickest way to get back up and running.
The Canadian hospitals have been luckier, with only a handful of machines affected. In both cases, the computers were pulled off the network and cleaned.
Segura believes it was an outdated version of the Norfolk hospital’s content management system, Joomla, that allowed it to become infected.
Gerry Hamill, communications specialist at Norfolk General, said three staff computers were infected, but once the issue was brought to their attention, it was dealt with.
“Our website has been upgraded and our Internet provider and our web designers have both worked on this situation. As far as we are concerned, the site is now clean of any issues,” said Hamill. “And at no time was there any risk of patient information being corrupted or at risk.”
Hamill said staff were told to be aware of what type of files they click on and that site maintenance and being up to date were essential.
That is the same advice Segura offers to most people.
“There are dozens of different types of ransomware,” he said. One variant, called Cryptowall, doesn’t even require you to download anything.
“If you visit the page and have a Windows computer that you haven’t patched in a while, or don’t have the latest versions of the Flash Player, Explorer or Silverlight, you can get infected within seconds just by browsing the site,”
In the industry, Segura and his colleagues refer to those kinds of attacks as “drive-by” installations. He’s also particularly interested in “malvertising,” a short form of malicious advertising that is also on the rise.
Just last week, the New York Times, BBC and the NFL sites were hit after a series of infected ads was delivered through multiple ad networks. The ad served up a web page that delivered ransomware and gained access through a Silverlight vulnerability that had recently been patched.