Interesting People mailing list archives

Stolen nude photos and hacked defibrillators: is this the future of ransomware?


From: "Dave Farber" <farber () gmail com>
Date: Thu, 3 Aug 2017 09:45:35 -0400




Begin forwarded message:

From: Dewayne Hendricks <dewayne () warpspeed com>
Date: August 3, 2017 at 7:05:05 AM EDT
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Subject: [Dewayne-Net] Stolen nude photos and hacked defibrillators: is this the future of ransomware?
Reply-To: dewayne-net () warpspeed com

Stolen nude photos and hacked defibrillators: is this the future of ransomware?
Hackers behind attacks such as WannaCry might not have become hugely rich, but that doesn’t mean they are going to 
give up any time soon
By Alex Hern
Aug 3 2017
<https://www.theguardian.com/technology/2017/aug/03/ransomware-future-wannacry-hackers>

The destructive potential of ransomware, the malicious software that is used to extort money from victims, is huge: 
in the first half of 2017, two major outbreaks, WannaCry and NotPetya, led to service outages from organisations 
around the world.

A third of the UK’s National Health Service was hit by WannaCry, and the outbreak was estimated by risk modelling 
firm Cyence to have cost up to $4bn in lost revenues and mitigation expenses. Then, a month later, NotPetya 
(so-called because it is not Petya, another type of ransomware with which it was initially mistaken), brought down a 
significant chunk of the Ukrainian government, pharmaceutical company Merck, shipping firm Maersk, and the 
advertising agency WPP, as well as the radiation monitoring system at Chernobyl.

But while both outbreaks wrought huge costs on the organisations they infected, they were surprisingly unrewarding 
for their creators. 

The WannaCry payment address has taken just $149,545 (£113,814) to date, while the NotPetya address took much less: 
£8,456 ($11,181).

The problem the criminals face, says Marcin Kleczynski, the chief executive of information security firm 
Malwarebytes, is that “people have become desensitised to common ransomware, where it just encrypts your files”. The 
criminals hope that people will face the loss of their digital memories, or critical business documents, and pay a 
few hundred dollars for the key to decrypt them. In practice, says Kleczynski, a growing number of victims simply 
shrug their shoulders and restore from a back-up.

“You look at the bitcoin addresses, they’re not well-funded. You see a couple of thousand dollars at best,” he adds. 
“So how does the criminal step up his or her game?”

Kleczynski, and his colleague, Adam Kujawa, who directs research at Malwarebytes, predict that criminals will evolve 
new ways of encouraging victims, both corporate and individual, to pay up rather than simply restoring from back-ups 
and ignoring the payment request.

New on the scene is a form of ransomware known as “doxware”. “Basically what it says is ‘pay, or we’ll take all the 
stuff we encrypted and we’ll put it online with your name on it’,” says Kujawa.

The name comes from “doxing”, the term for publishing private information on the internet to bully, threaten or 
intimidate, and the idea of automating it isn’t hypothetical. A number of similar attacks have already occurred in 
the wild. At one end of the spectrum was the Chimera ransomware, which hit German companies in 2015. The malware 
encrypted files and asked for around £200 ($260) to return them, but also came with the warning that if victims did 
not pay up, “we will publish your personal data, photos and videos and your name on the internet”.

Chimera, however, didn’t actually have the capability to publish anything online – the warning was bluster, designed 
to scare victims into paying up. But in other cases, the threat of publishing data is very real.

In May, hackers stole files from a Lithuanian plastic surgery clinic, containing highly personal information about 
25,000 former clients: names, addresses and procedures performed, as well as passport scans, national insurance 
numbers and nude photos of patients. They put the database online through the encrypted network Tor, and asked for 
payments from individual patients to remove their personal information from the site. Prices started at €50 for those 
patients who just had names and addresses in the site, but rose to €2,000 for the more invasive information stolen.

Just this week, HBO faced its own threat, with 1.5TB of video stolen by hackers – including unaired episodes of Game 
of Thrones – and being held to ransom. 

But currently, the hack-and-leakers are working on a manual, boutique basis: picking their targets where they can 
find them, and doing the hard work of monetising the attack manually.

[snip]

Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
Twitter: https://twitter.com/wa8dzp




