
Hot October: Ransomware Attacks

18 November 2019 14:49, UTC
Aleksandre B

The struggle between computer security and a hacker is a classic case of confrontation between armor and a shell: the increase in the advantages of one side forces the other to build up its own forces. In this war, local defeats cannot be avoided. Therefore, it would be unfair to blame the victims of cyber-attacks mentioned in this article for being careless.

Perhaps the owners and administrators of the networks did everything they could, but the hackers were lucky in these cases, and they prevailed. However, the frequency of news about incidents with data theft, especially in state and municipal institutions, is alarming.

FBI warnings

October began with a symbolic warning from the US Federal Bureau of Investigation: there is a growing threat of cyber attacks on US businesses and organizations aimed at obtaining a ransom. Many drew attention to the part of the message that described the bureau's official attitude toward victims who meet the attackers' demands.

The FBI continues to oppose ransom payments, as paying encourages criminals to search for new victims. However, in some cases it treats the owners of computer systems with understanding, acknowledging that they may meet the hackers' demands to protect the interests of their customers, shareholders, and employees.

Extortion in Europe

US intelligence has repeatedly shown concern for American organizations, but it was a European city that came under attack. On the night of the first of October, criminals seized control of the municipal computer systems of the Spanish city of Jerez de la Frontera.

The hackers blocked the web services of several city institutions and demanded an undisclosed amount in bitcoins to restore access. The Spanish Ministry of the Interior sent three computer security specialists to the city. Mayor Mamen Sánchez then announced that municipal systems would not be restarted until their security level reached 100 percent. Judging by the fact that the website of Jerez de la Frontera is now functioning properly, the actions of the administration were successful.

... and in the USA

The computer systems of the American state medical organization DCH Health System, managed by a community from Alabama, were infected with the Ryuk ransomware virus on Monday, October 1st.

The attackers encrypted patients' medical records and blocked the work of three hospitals. The management of the organization decided to stop admitting new patients, to continue caring for those already under treatment, and, if necessary, to transfer those in need to other local medical institutions.

By the weekend, an undisclosed ransom had been paid to the hackers, and DCH Health System specialists received the keys to decrypt the data and began to restore the computer systems.

... and in Africa

On October 25, hackers who called themselves the “Shadow Kill Hackers Group” gained control of the computer systems of Johannesburg, the largest city in South Africa. Unlike the incidents described above, in this case the data was not encrypted. The criminals reported that, thanks to a variety of backdoors (illegal access methods), they had full control over Johannesburg's IT systems.

The city authorities were asked to transfer four bitcoins to a specified wallet. If the demand was met, all the information collected by the hackers would be destroyed, and the computer system administrators would receive a full description of the vulnerabilities. Otherwise, the attackers threatened to make public all the data (including the IDs) of citizens who had used the city's computer systems.

The Johannesburg administration decided not to indulge the extortionists: important city services were turned off, and experts began to investigate, restore access and eliminate vulnerabilities. It is worth noting that this is the second cyberattack on important computer systems in the South African city this year: in July (in South Africa it is mid-winter), the computers of the city energy company were attacked by a virus that left many residents without electricity.

Ransomware business

Three cases of successful cyberattacks are, of course, far from a complete list. Also in October, the computer systems of Pilz, a large German technology company, were hacked.

From October 13, for about half a month, the company's specialists restored their systems after an attack by a ransomware virus, supposedly called BitPaymer. The list goes on: TrialWorks, Wyoming Area School District, Groupe M6.

Computer systems that penetrate every corner of our life bring not only deliverance from routine, convenience, and entertainment, but also many threats: the more complex the system, the more vulnerabilities it has. People who know well how everything is arranged, having sufficient desire and an insufficient amount of conscience, can make a profit from this, as October of this year showed us.

And if you think that only attacks on large organizations that can pay huge sums immediately are profitable for hackers, then you will be right, but only partially. Intelligent devices and networks surround people everywhere, including in their homes, and can create security threats in the most unpredictable places. This was well demonstrated by computer security experts, who managed to give orders to the devices of a "smart" house using a conventional laser pointer while standing outside the building.

The overall attitude towards computer system security must change. People must not be surrounded by devices that are too smart and complicated to understand, and therefore not under their control. However, it is probably already too late.