Victims Call Hackers’ Bluff as Ransomware Deadline Nears

2


As part of the hacking, attackers demanded that individuals pay a fee to regain control of their machines, or face losing their data.

The latest ransomware attack was particularly virulent, experts warned, because it had been based on stolen software from the National Security Agency. Law enforcement agencies in the United States and elsewhere have been hunting for the culprits, with attention focused on hackers linked to North Korea.

Despite a week of widespread disruption, the total paid in ransom so far looks relatively modest. An online tracking system showed that the amount sent in the electronic currency Bitcoin to accounts listed by the attackers had begun to plateau on Wednesday, and had reached about $90,000 by early Friday. Early estimates of what the virus could ultimately earn ranged into the tens of millions or even hundreds of millions of dollars. Victims have seven days to pay from when their computers were originally infected with the malware, so the deadline will vary from case to case.

A number of people and companies have struck a defiant tone. The Japanese conglomerate Hitachi, which had been identified in the news media as a victim, declined to confirm those reports on Friday but said that it had no intention of paying a ransom and that it aimed to be fully secure against future attacks by Monday.

Nissan Motor, another Japanese industrial giant, also said it would not pay a ransom. Its factory in Sunderland, England, was affected, but the company said it had not lost data.

Owners of the more than 200,000 computers across the globe that have been hit by the malware face similar decisions. Those affected, including hospitals, government offices and universities, have lost access to important files such as business information, term papers and even medical records that could involve matters of life or death.

Yet cybersecurity experts have generally advised those affected not to pay.

“It costs the perpetrators peanuts to carry out an attack like this,” said Rafael Sanchez, an international breach response manager at Beazley, an insurer in London that has handled thousands of ransomware attacks for corporate clients. “And any ransom will only likely lead to more attacks,” he added.

While some who paid regained access to their files, according to the Finnish cybersecurity firm F-Secure, security analysts caution that there is no guarantee all WannaCry victims will. That the attackers listed only three addresses as payment destinations means it would be difficult to determine which victims had paid, and therefore whose files to decrypt.

Ransomware Attack: More Coverage

“It looks like the attackers had no intent in decrypting anything,” said Tom Robinson, co-founder of Elliptic, a company in London that tracks online financial transactions involving virtual currencies that helps organizations respond to digital attacks.

As victims faced an agonizing choice on Friday over whether to pay or risk losing their data, cybersecurity experts said that they had developed a potential way to decrypt individual machines without having to hand over the ransom. The technique, however, depended on how long infected computers had been hijacked by the online attackers, and required a high level of technical expertise.

According to law enforcement agencies, paying could leave victims vulnerable to being targeted again, and it also presents a technical challenge for the many people affected who have never used Bitcoin before.

Many are not familiar with the electronic currency, which does not answer to any of the world’s central banks. Many national governments and institutions also have rules about not paying ransoms.

In Britain, whose National Health Service was one of the largest organizations affected by the ransomware attack, some medical institutions across England and Scotland were still struggling to get back on their feet.

Barts Health, one of the country’s largest hospital groups, said that it had been forced to cancel 20 percent of outpatient appointments, as well as to cut back on nonemergency surgeries.

In Berhampur, a city of about 380,000 on India’s eastern coast, two computers at the Berhampur City Hospital were hit by the WannaCry malware. Dr. Saroj Mishra, assistant health officer for the surrounding district of Ganjam, said that most of the data had been recovered — and that health officials had no intention of paying the hackers.

“We don’t have the permission to pay the hackers,” Dr. Mishra said. He added, “there is no question of compromising. It is a matter of investigation.”

In other cases, those affected simply cannot afford to pay.

In China, where pirated software is believed to have contributed to the ransomware spreading, about 4,000 of the 40,000 institutions affected are educational establishments. On Chinese social media, many students reported being locked out of final term papers.

“The hacker asked for $300 to $600,” said Zhu Huanjie, a college student in Hangzhou. “Average students can’t afford that.”

The identity of the perpetrators remains unclear. Some early signs pointed to hackers that cybersecurity specialists had previously linked to North Korea, but the experts warn that the evidence is far from conclusive.

Some attacks could also come from so-called copycats, experts say, muddying attempts to catch those behind the initial cyberattack.

Xu Hengyu, the information technology manager of a Shanghai entertainment company, Renxing Pictures, said the firm had intended to send more than $720 to hackers threatening to delete two months’ worth of data. But when Mr. Xu tried to negotiate the price down, he said the hackers responded in Chinese and told him he could wire the money to a Chinese bank account in China’s currency, the renminbi, rather than in Bitcoin. Mr. Xu said he was unsure whether the hackers were the same as those behind the WannaCry attack.

“We thought about reporting to the police, but we haven’t so far,” he said. “We thought if this problem could be solved by the direct payment, we’d rather stay that way and not go to the police, as the police must already have many cases.”

He added, “We still prioritize data recovery over everything else.”

Continue reading the main story

Source link

قالب وردپرس

You might also like More from author

Leave A Reply

Your email address will not be published.