WGNO

Ransomware: A malicious gift that keeps on giving

When businesses are hit with ransomware, it's not just the ransom amount that could financially hurt. The time spent trying to get systems back online and potential revenue lost in the meantime makes a lasting impact, too.

Large-scale ransomware attacks will continue, and they’ll likely get worse, experts warn.

Ransomware, you may remember, is a nasty computer virus designed to hold data hostage until you pay a specific fee.

Massive attacks this year have amounted to a wake-up call for some about the dangers of ransomware. Extorted companies lose productivity, and people’s health may be at risk if ransomware targets hospitals.

Last February, officials at Hollywood Presbyterian Hospital in Los Angeles said they paid the Bitcoin equivalent of $17,000 to cybercriminals after patient and doctor records were locked for almost two weeks. The hospital says it had to resort to handwriting to cope with the computer lockdown.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” said Allen Stefanek, president of Hollywood Presbyterian Medical Center, in a statement. “In the best interest of restoring normal operations, we did this.”

A huge attack in May that spread around the world and hit more than 300,000 machines in over 150 companies was blamed on ransomware. Hospitals, major companies and government offices were among those that were affected.

Another attack in June, initially suspected of being ransomware, affected dozens of Ukrainian, Russian, European and American firms. Researchers later determined that the attack, nicknamed NotPetya, was a sophisticated virus, but not ransomware.

Spy games?

Experts say, there also may be a bit of cloak-and-dagger involved in all this.

The May attack was blamed on malware called WannaCry, which targeted businesses running outdated Windows machines or people who didn’t update their software. It leveraged an exploit — a tool designed to take advantage of a security hole — leaked in a batch of hacking tools believed to belong to the ultra-secret National Security Agency.

The NSA and other spy agencies are known to develop high-powered hacking tools for intelligence gathering or law enforcement.

But under current laws, they don’t have to report the flaws to the company at risk.

Some privacy advocates say that if the NSA had disclosed the vulnerability when it was first discovered, the outbreak may have been prevented.

The NSA did not respond to CNN’s request this week for comment.

Edward Snowden, the whistleblower who exposed the broad scope of NSA surveillance in 2013, tweeted, “If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.”

Security researchers say firms that fail to keep their software up to date are also responsible for the ransomware outbreak. The organizations involved in the May incident had two months to update their Microsoft products, which would have protected their systems.

But the problem is, many companies are still at risk because they don’t patch their systems. Companies don’t patch for a variety of reasons: their machines don’t support the patch, it’s too expensive to do it, it might disrupt their services or they simply forget about an outdated computer on their network.

Security patches are free — but there is a cost in the employee time required to apply the patches — also the cost of dealing with service interruptions, and fixing problems that are triggered because of the new system. In addition, sometimes new software doesn’t work with older software or older machines.

Large-scale ransomware attacks will continue to happen because businesses still have holes in their systems and because government-grade hacking tools are widely available, said Jon DiMaggio, a threat intelligence researcher at global security company Symantec.

“We now have these elite weapons that can be used by pretty much anyone,” DiMaggio said.

For some, Ransomware may seem like a new problem, but it’s not. It’s been around since at least 1989, according to Symantec.

One potential fallback solution to prevent losing computer files forever is to make digital copies periodically.

Individuals, companies, and government agencies — if they’re careful and diligent — do make backups regularly.

But even this option doesn’t always work, because if a computer system is connected to a backup when it is infected with ransomware, the virus could spread to the backup as well.

What the FBI says you should do

But the FBI says if your computer is infected, do not pay ransomware.

“Paying a ransom doesn’t guarantee an organization that it will get its data back — we’ve seen cases where organizations never got a decryption key after having paid the ransom, said FBI Cyber Division Assistant Director James Trainor.

“Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity,” he said. “… by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”