Software Infrastructure Global Viewpoint – March 2016

Broadcasters Attacked By Ransomware

The recent computer hack attack on Sony Pictures was a wake-up call for broadcasters in that they too could be affected by malware. Other broadcasters are discovering that their computer networks are equally vulnerable targets.

A headline in last week’s Wilmington, NC Star News read, “WHQR hit with 'Ransomware' attack.” The radio station's computer system had been hacked, with pop-ups demanding a ransom payment.

Station manager Cleve Callison said, “It looked for several days as if these things were so badly compromised that we would never be able to reconstruct them. And just the psychic toll of people thinking, 'Things that I've worked on for nearly a decade and that I rely on every day might be lost forever.'”

The station hired Hooks Systems, a Wilmington computer company, to try and recover the data that had been encrypted by the hackers. During the effort, the company discovered that the attack may have originated in Latvia.

Callison concluded, “I wouldn't want anybody, non-profit or for-profit, to go through the trauma that we went through. I'm angry that we would be subject to this kind of thing. I'm not one to just shrug it off and say, 'Oh, that's the internet for you.' I think these are really awful people that did this and I think if there's a way to track these people down, we would explore that.”

Other businesses affected

Last month an Altimore, CA hospital’s entire computer system was frozen as hackers demanded a ransom. After several days of moving all patient and business records by paper, the hospital surrendered and paid a ransom of $17,000 rather than continue operations without computers.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” hospital CEO Allen Stefanek said. “In the best interest of restoring normal operations, we did this.”

According to a recent article from CNBC, many of the hackers have customer service departments to walk victims through how to pay a ransom with bitcoins.

Even the large Australian broadcaster, ABC, was hacked in 2014.

The network was forced to suspend programming out of Sydney, Australia, and move broadcast operations to Melbourne after its network was targeted by ransomware. The malware prevented normal operations, resulting in ABC News 24 going off air for more than 30 minutes.

The network said, "There was an IT security issue this morning which affected some of the ABC's broadcasting systems and created technical difficulties for ABC News 24. As a result we broadcast stand-by programming from 9.30am before resuming live news broadcasts from Melbourne at 10am. We are now operating normally."

The CryptoLocker-like malware was delivered to other public institutions outside of the news agency, including Telstra and Energy Australia. Staffers at ABC were phished by fake Australia Post emails reporting a failed delivery. The phishing emails themselves are rather simple in nature, but effective nevertheless, given that programming was suspended while IT responded to the attack.

CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows. Experts believe it was first posted to the Internet on September 5, 2013.

Plan for the worst

Lisa Yeo, assistant professor of information systems and operations management at the Sellinger School of Business at Loyola University, said, “These people aren't interested in stealing the data. They are blocking your access to it so it's really a denial of service. You don't have access to what you need in order to run your business in this case.”

She said it's important for business owners to have a plan just in case they have no other choice but to pay.

"Know in advance. Are you going to pay the ransom? Do you have insurance? Do you have alternate ways to restore your data so you don't have to pay? Because I, personally, would not have to pay, but the reality is sometimes you don't have time," Yeo said.

Computer security experts normally recommend people not pay the ransom, though at times law enforcement agencies suggest they do, said Adam Kujawa, Head of Malware Intelligence for Malwarebytes, a San Jose-based company that produces anti-ransomware software.

It’s difficult to know how many victims pay the ransom, because many who do don’t reveal it. “Unfortunately, a lot of companies don’t tell anybody if they had fallen victim to ransomware and especially if they have paid the criminals,” Kujawa said, “but I know from the experiences I hear about from various industry professionals that it’s a pretty common practice to just hand over the cash.”

The online currency, Bitcoins, is hard to trace, and therefore the preferred way for hackers to collect a ransom, noted FBI Special Agent Thomas Grasso, who is part of the government’s efforts to fight malicious software including ransomware.

Bitcoins are the most common method of ransom payment. They are hard to trace and currently worth about $400 each.

During 2013, the number of attacks each month rose from 100,000 in January to 600,000 in December, according to a 2014 report by Symantec, the maker of antivirus software.

A report from Intel Corp.’s McAfee Labs released in November said the number of ransomware attacks is expected to grow even more in 2016 because of increased sophistication in the software used to carry them out.

McAfee estimates that on average, 3 percent of users with infected machines pay a ransom. It’s not clear how many of those users were individuals and how many were companies. Some ransomware attacks go unreported because the victims don’t want it publicized that they were hacked.

The FBI says be proactive

  • Keep antivirus software up-to-date
  • Enable automated patches for your operating system and web browser
  • Have strong passwords, and don't repeat passwords
  • Use a pop-up blocker
  • Only download software from sites you know and trust
  • Don't open attachments in unsolicited e-mails and never click on a URL contained in an unsolicited e-mail
  • Conduct regular system back-ups and store backed-up data offline