Hackers are discovering that it is far more profitable to hold your data hostage than it is to steal it.
A decade-old internet scourge called ransomware went mainstream on Friday when cybercriminals seized control of computers around the world, from the delivery giant FedEx in the United States to Britain’s public health system, universities in China and even Russia’s powerful Interior Ministry.
On Saturday, investigators could not yet tell who was behind the attack as security experts around the world raced to contain it. Across Asia, several universities and organisations said they had been affected. Renault, the European automaker, said on Saturday that its French operations had been hit, while one of its plants in Slovakia was shut down because of the digital outbreak.
Computer users in the United States so far were less affected after a 22-year-old British cybersecurity researcher inadvertently stopped the ransomware attack from spreading more widely.
Ransomware is nothing new. For years, there have been stories of individuals or companies horrified that they have been locked out of their computers and that the only way back in is to pay a ransom to someone, somewhere who has managed to take control.
But computer criminals are discovering that ransomware is the most effective way to make money in the shortest amount of time. The advent of new tools that wrap victims’ data with tough encryption technology, hard-to-trace digital currency like Bitcoin, and even online sites that offer to do the data ransoming in return for a piece of the action, have made this method of cybertheft much easier.
“You don’t even need to have any skills to do this anymore,” said Jason Rebholz, a senior director at the Crypsis Group who has helped dozens of victims of ransomware.
Ransomware has allowed people who are not computer experts to become computer thieves. It used to be that hackers had to be a little creative and skilled to get money out of people. There were fake antivirus scams that promised to clean up your computer — for a fee.
Sometimes they resorted to so-called Trojan horse programs that lay in wait on e-commerce or banking sites, ready to get your credit card numbers. And there was old-fashioned hacking, grabbing all sorts of personal credentials that could be sold on the so-called dark web.
Four years ago, investigators were pursuing roughly 16 variants of ransomware that were predominantly being used on victims in Eastern Europe. Now there are dozens of types of ransomware, and they are supported by an entire underground industry. And catching and convicting the people responsible is difficult.
Friday’s attacks were a powerful escalation of earlier, much smaller episodes. Hackers exploited a vulnerability in Microsoft servers that was first discovered by the National Security Agency and then leaked online by a group of unknown hackers last month. It allowed the ransomware to spread from server to server, encrypting as many files as it could, and holding more than 70,000 organisations victim in the process.
As of Saturday afternoon, several Bitcoin accounts associated with the ransomware had received the equivalent of $33,000, according to Elliptic, a firm that tracks online financial transactions involving virtual currencies. And the number could grow.
©2017 The New York Times New Service