News

Actions

Why ransomware attacks keep happening

Posted at 12:06 AM, Jun 28, 2017
and last updated 2017-06-28 00:06:36-04

SAN FRANCISCO — A new global ransomware attack has targeted businesses around the world, demonstrating how easy it is for hackers to extort money by taking advantage of outdated technology.

It’s the second major cyberattack in less than two months, coming hot on the heels of the WannaCry worm that hit computers across more than 150 countries in May.

Researchers are still investigating the attack that erupted Tuesday, locking users out of their computer systems and demanding $300 in Bitcoin in ransom.

These recent large-scale infections may make ransomware seem like a new problem, but it’s not. It’s been around since at least 1989 and has become an increasingly lucrative business for criminals.

Attackers are now more sophisticated. They can create malware faster, use anonymous digital currencies like Bitcoin to demand ransom and employ powerful hacking tools that are publicly available online.

“Criminal organizations have always found innovative ways to extort money,” Lesley Carhart, digital forensics expert, told CNNTech. “This is a lucrative way. It plays on people’s emotional and financial reliance on their computers and digital storage for everything.”

By late Tuesday, roughly $8,500 had been deposited in Bitcoin accounts linked to the attack.

The amount of money such attacks generate keeps going up. According to recent research from Symantec, the average ransomware attack made $1,077 last year, a 266% increase from the year before.

And victims keep paying up — despite warnings not to from law enforcement and cybersecurity experts, who say there’s no guarantee people will get everything back.

Security firm Kaspersky Lab said Tuesday’s ransomware attack used exploits previously leaked in a batch of hacking tools believed to belong to the U.S. National Security Agency.

These tools take advantage security holes in some Windows operating systems. Microsoft released a patch for these flaws in March, but many companies are still at risk because they didn’t patch their systems. The WannaCry attack in May also used one of the same exploits.

Companies don’t patch for a variety of reasons: their machines don’t support the patch, it’s too expensive to do it, it might disrupt their services or they simply forget about an outdated computer on their network.

Large-scale ransomware attacks will continue to happen because businesses still have holes in their systems and because government-grade hacking tools are widely available, said Jon DiMaggio, a threat intelligence researcher at Symantec.

“We now have these elite weapons that can be used by pretty much anyone,” DiMaggio said.

Previously ransomware criminals would specifically target their victims. WannaCry was the first time researchers saw a large-scale ransomware that could worm its way through networks. Tuesday’s attack spread in a similar way.

But such widespread attacks may not be the smartest way for hackers to make money.

About $130,000 in ransom payments from the WannaCry attack is still sitting in Bitcoin accounts being monitored by cybersecurity researchers. Experts say it will be difficult for the attackers to do anything with the money without it being traced by governments and cyber sleuths.

According to Michael Kaiser, executive director of National Cyber Security Alliance, there are ways to reduce the risk of ransomware attacks: Update software as soon as patches become available, use strong security like two-factor authentication for logging into accounts and regularly backup your system.