by Selena Larson @selenalarsonJune 27, 2017: 11:44 PM ET
Cyberattack WannaCry possibly linked to North Korea code
A new global
ransomware attack has targeted businesses around the world, demonstrating how
easy it is for hackers to extort money by taking advantage of outdated
technology.
It's the second major
cyberattack in less than two months, coming hot on the heels of the WannaCry worm that hit computers across
more than 150 countries in May.
Researchers are still
investigating the attack that erupted Tuesday, locking
users out of their computer systems and demanding $300 in Bitcoin in ransom.
These recent large-scale
infections may make ransomware seem like a new problem, but it's not. It's
been around since at least 1989 and has become an
increasingly lucrative business for criminals.
Attackers are now more
sophisticated. They can create malware faster, use anonymous digital currencies
like Bitcoin to demand ransom and employ powerful hacking tools that are publicly
available online.
"Criminal
organizations have always found innovative ways to extort money," Lesley
Carhart, digital forensics expert, told CNNTech. "This is a lucrative way.
It plays on people's emotional and financial reliance on their computers and
digital storage for everything."
By late Tuesday, roughly
$8,500 had been deposited in Bitcoin accounts linked
to the attack.
The amount of money such
attacks generate keeps going up. According to recent research from
Symantec, the average ransomware attack made $1,077 last year, a 266% increase
from the year before.
And victims keep paying
up -- despite warnings not to from law
enforcement and cybersecurity experts, who say there's no guarantee people will
get everything back.
Security firm Kaspersky
Lab said Tuesday's ransomware attack used exploits previously leaked in a batch
of hacking tools believed to belong to the
U.S. National Security Agency.
These tools take
advantage security holes in some Windows operating systems. Microsoft (MSFT, Tech30) released a patch for these flaws
in March, but many companies are still at risk because they didn't patch
their systems. The WannaCry attack in May also used one of the same exploits.
Companies don't patch for a variety of reasons:
their machines don't support the patch, it's too expensive to do it, it might
disrupt their services or they simply forget about an outdated computer on
their network.
Large-scale ransomware
attacks will continue to happen because businesses still have holes in their
systems and because government-grade hacking tools are widely available, said
Jon DiMaggio, a threat intelligence researcher at Symantec.
"We now have these
elite weapons that can be used by pretty much anyone," DiMaggio said.
Previously ransomware
criminals would specifically target their victims. WannaCry was the first time
researchers saw a large-scale ransomware that could worm its way through
networks. Tuesday's attack spread in a similar way.
But such widespread
attacks may not be the smartest way for hackers to make money.
About $130,000 in ransom
payments from the WannaCry attack is still sitting in Bitcoin accounts being monitored by
cybersecurity researchers. Experts say it will be difficult for the
attackers to do anything with the money without it being traced by governments
and cyber sleuths.
According to Michael
Kaiser, executive director of National Cyber Security Alliance, there are ways
to reduce the risk of ransomware attacks: Update software as soon as patches
become available, use strong security like two-factor authentication for
logging into accounts and regularly backup your system.
CNNMoney (San Francisco)First published June
27, 2017: 11:44 PM ET
http://money.cnn.com/2017/06/27/technology/ransomware-why-keep-happening/index.html?section=money_technology&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fmoney_technology+%28CNNMoney%3A+Technology%29&ito=792&itq=7afb4fb9-e1ce-482c-97e7-3f80b2d33b9c&itx%5Bidio%5D=8812325
No comments:
Post a Comment