Security hacker

Victims Call Hackers’ Bluff as Ransomware Deadline Nears

With the clock ticking on whether a global hacking attack would wipe out his data, Bolton Jiang had no intention of paying a 21st-century ransom.

For the past week, since the malware first struck, Mr. Jiang has been busily fixing and replacing computers at the electronics company where he works in Shanghai. Paying is a bother, he said, and there was no guarantee he would get his data back.

“Even if you do pay, you won’t necessarily be able to open the files that are hit,” he said. “There is no solution to it.”

Tens of thousands of computer users around the world faced the same dilemma on Friday, their last chance to pay the anonymous hackers behind the ransomware attack known as WannaCry. The malicious software exposed the widespread vulnerability of computers and offered a peek at how a new type of crime could be committed on a global scale.

As part of the hacking, attackers demanded that individuals pay a fee to regain control of their machines, or face losing their data.

The latest strain of ransomware was particularly virulent, experts warned, because it had been based on software stolen from the National Security Agency. Law enforcement agencies in the United States and elsewhere have been hunting for the culprits, with attention focused on hackers linked to North Korea.

Despite a week of widespread disruption, the total ransom paid so far looks relatively modest. An online tracking system showed that the amount sent in the electronic currency Bitcoin to accounts listed by the attackers had begun to plateau on Wednesday, and had reached about $90,000 on Friday afternoon in Europe. Early estimates of what the virus could ultimately earn had ranged into the tens of millions or even hundreds of millions of dollars. Victims have seven days to pay from when their computers were originally infected, so the deadline will vary from case to case.

A number of people and companies have struck a defiant tone. The Japanese conglomerate Hitachi, which had been identified in the news media as a victim, declined to confirm those reports on Friday but said that it had no intention of paying a ransom and that it aimed to be fully secure against future attacks by Monday.

Nissan Motor, another Japanese industrial giant, also said it would not pay a ransom. Its factory in Sunderland, England, was affected, but the company said it had not lost data.

Owners of the more than 200,000 computers across the globe that have been hit by the malware face similar decisions. Those affected, including hospitals, government offices and universities, have lost access to business information, term papers and even medical records that could involve matters of life or death.

In Britain, whose National Health Service was one of the largest organizations affected by the ransomware, some medical institutions were…

The Global Cyberattack And The Need To Revisit Health Care Cybersecurity

National Health Service (NHS) ambulance outside of Waterloo Station, London.

Last week’s global cyberattack garnered wide media attention, as it spread across nearly 150 countries. Among its primary victims was the United Kingdom’s National Health Service system, causing massive shutdowns and inconveniences to the country’s health care infrastructure. Though certainly not the only internationally scaled cybersecurity threat in recent years, this attack’s consequential impacts should serve as a stark reminder of the significant vulnerabilities within the intersection of technology and medicine.

Accordingly, experts need to revisit a few areas of concern in the health care industry which may be conducive to increased cybersecurity threats in the coming years.

Hospital/Health Care Systems

The Department of Health and Human Services’ Office for Civil Rights, which oversees the enforcement of patient privacy laws such as HIPAA (Health Insurance Portability and Accountability Act), contends “that [the] personal health data of 30 million Americans has been compromised since 2009.” With the advent of electronic medical records and digital systems to store patient data, hospitals have become critically dependent on electronic media to provide patient care, and have thus become ripe targets for hackers who seek to extort or cripple large health care systems. Similar to the UK’s current crisis, extortionists often encrypt vital system and patient files, making it impossible to move forward with treatment or patient care. While some hackers seek payment prior to releasing the files, far larger concerns emerge when patient data itself is stolen, giving access to vital information about an individual’s health care records and overall biography. The potential misuse of this data is limitless, as medical records and specific patient files can fetch up to $500 to $1200 (per record) in unregulated forums.

Medical Devices

Revolutionary innovations in health care such as pacemakers, insulin pumps, and other medical implant devices have made it easy for patients to seek personalized and convenient care. However, many of these devices have…

Focus Turns to North Korea Sleeper Cells as Possible Culprits in Cyberattack

SEOUL, South Korea — They take legitimate jobs as software programmers in the countries neighboring their home country, North Korea. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection.

Since the 1980s, the reclusive North has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States. In recent years, cybersecurity experts say, the North Koreans have spread these agents across the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the homeland is attacked.

Now, this force of North Korean hacker sleeper cells is under new scrutiny in connection with the ransomware assaults that have roiled much of the world over the past four days. Signs have emerged that suggest North Koreans not only carried out the attacks, but that the targeted victims included China, North Korea’s benefactor and enabler.

While there is still nothing definitive to link the attacks to North Korea, similarities exist between the ransomware used to extort computer users into paying the hackers and previously deployed North Korean malware codes.

Moreover, North Korea has in the past deliberately timed cyberattacks to coincide with its banned weapons tests — like the ballistic missile launched on Sunday — as a way of subtly flaunting the country’s technological advances despite its global isolation.

Unlike its missile and nuclear weapons tests, however, North Korea has never announced or acknowledged its computer hacking abilities — if anything, the country has denied responsibility for hacking and other forms of computerized crimes.

It also is possible that North Korea had no role in the attacks, which exploited a stolen hacking tool developed by the National Security Agency of the United States. Early Tuesday, the Shadow Brokers, the hacking group that spread the tool and is not believed to be linked with North Korea, threatened in an online post to start a “Data Dump of the Month” club, in which it would release more N.S.A. hacking methods to paying subscribers.

Security officials in South Korea, the United States and elsewhere say it is a well-known fact that the North Korean authorities have long trained squads of hackers and programmers,…

Disney Should Tell ‘Pirates’ Hackers To Go Walk The Plank

Deadline reports that high-tech hackers have stolen a copy of Walt Disney’s upcoming Pirates of the Caribbean: Dead Men Tell No Tales two weeks before its May 26th opening day. The group threatens, so says The Hollywood Reporter, to release the Johnny Depp sequel in pieces, starting with the five-minute prologue and then in additional 20-minute chunks.

Disney CEO Bob Iger is currently refusing to pay a ransom, which means he is ignoring the advice of both the FBI’s hacker units and Delroy Lindo. Disney is right to call their bluff. While the film being available online prior to release wouldn’t help the box office, recent history shows that it wouldn’t do that much damage either.

Now, for the record, online piracy is usually disastrous for a film. It can have horrific consequences for countless smaller and art-house offerings that end up on torrent sites the minute they are released via video-on-demand platforms. And even with the major studios, online piracy still hurts a movie like Midnight Special a heck of a lot more than Batman v Superman, which in turn discourages studios from distributing movies of that nature. At the end of the day, it’s still the online equivalent of shoplifting.

Removing morality from the equation for a moment, I would argue at the moment that the potential online leakage of Pirates of the Caribbean: Dead Man’s Chest may have minimal effect on the film’s global box office.

We’ve seen this play out a few times over the last decade, and pretty much every major case has had little to no effect on the eventual box-office take. A DVD-quality copy of Liam Neeson’s Taken, the R-rated version no less, was available online months before the film’s theatrical release in early 2009. Taken and Clint Eastwood’s Gran Torino, which also got leaked during what is now a regular part of the awards season (critics groups and awards groups get DVD screeners of award-friendly movies and those films tend to end up online), also did boffo box office that year, earning $145 million and $148m respectively in North America alone.

And in April 2009, a DVD-quality workprint of X-Men Origins: Wolverine somehow popped up online a month before its release. We all speculated as to the financial effect, but in the end, the terribly reviewed film still opened with $85 million and ended up with $373m worldwide with a vibrant post-theatrical lifespan. Since then, the most high-profile leak of a major movie came in August 2014, when The Expendables 3 was released in a DVD-quality copy three weeks prior to launch. That film was indeed a box office failure, earning just $39 million domestic and $214m worldwide against a $100m budget.

As tempting as it is to blame piracy, and without entirely discounting the illegal availability of said film, the real culprit was franchise fatigue in that scenario and the choice to go with a PG-13 rating for what was supposed to be a 1980s action throwback. Heck, the film made $72 million in China where piracy is considered an even larger problem. If the movie was better or R-rated, or if the first…

Pirates 5 Is Being Held Ransom by Actual Pirates

Here’s a little bit of art imitating life: hackers have obtained Disney’s upcoming Pirates of the Caribbean: Dead Men Tell No Tales, and are demanding the studio pay a ransom in order to get it back, Deadline reports. The very 2017 touch is that the hackers would like that ransom to be paid in Bitcoin. So, what will the studio do now that one of its most lucrative franchises is in danger of being dropped well before its May 26 release date? If the past is any indication—nothing, really.

Disney boss Bob Iger revealed news of the hacking to employees during an ABC town hall meeting on Monday, though he kept mum on exactly which film was stolen. He also shared, per The Hollywood Reporter, that the hackers said they would release five minutes of the movie if they did not receive their ransom, followed by 20-minute footage drops. Disney will not pay the hackers, he confirmed, preferring instead to work with F.B.I. investigators to determine who is behind the theft. Representatives for Disney have not yet responded to a request for comment.

Hacking of a major film or TV property is nothing new in the digital age. Just last month, hackers who use the alias the Dark Overlord pilfered the entirety of Season 5 of Orange Is the New Black, demanding an unspecified ransom from Netflix. When…

The Ransomware Attack Isn’t Over—Here’s How to Protect Yourself

If your computer’s running on Microsoft Windows, you need to take these steps—right away.

Here’s why: in case you haven’t heard, hackers exploited a vulnerability in older Microsoft Windows servers to execute a large-scale global cyberattack on Friday using ransomware — a malicious software that holds your computer hostage for ransom — and a hacking tool stolen from the U.S. National Security Agency (NSA). The massive attack left victims locked out of their PCs with a promise of restored access if $300 was paid in digital currency Bitcoin—and a threat of destroyed files if the ransom is not met.

Thus far, at least 200,000 computers have been infected in more than 150 countries, leaving everything from businesses and governments to academic institutions, hospitals and ordinary people affected.

How it works

The malware, which “spreads like a worm,” is transmitted through a phishing email containing a compressed, encrypted file. Since the file is encrypted, security systems do not identify the ransomware, called Wanna Decryptor, until after it is downloaded. Wanna Decryptor, a next-gen version of the WannaCry ransomware, gains access to a given device once the malware-filled file is downloaded: it then encrypts data, locks down the system and demands ransom.

Ransomware does not typically work this quickly. But thanks to a stolen NSA cyber-weapon called EternalBlue, which was made public last month by a hacking group known as the “Shadow Brokers,” the malware spread rapidly by exploiting a security flaw in Microsoft Windows servers.

What users need to do

Simply put: make sure your Microsoft Windows server is up to date. Microsoft issued a patch in mid-March to fix the hole in Windows 7 and other supported versions of Windows: Vista, Server 2008, Server 2008 R2, 8.1, Server 2012, RT 8.1, 10, Server 2012 R2, and Server 2016. But those who did not apply the software update were—and still are—left exposed to the hack.

In light of the attack, Microsoft rolled out patches to protect older versions of Windows that “no longer receive mainstream support” from the company like Windows XP, Windows 8, and Windows Server 2003. Those…
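The advice above boils down to two checks an administrator can script: is the March security update actually installed, and is the legacy file-sharing protocol that the flaw lives in still switched on? The following PowerShell is an added example written for this page, not code from the original article or from Microsoft. It assumes one piece of background the article does not state, namely that the EternalBlue flaw is in Windows’ SMB1 service, so disabling SMB1 is a mitigation alongside patching. `$PatchKb` is a placeholder, because the article names no update identifier; substitute the KB number of the March update for the host’s Windows version.

```powershell
<#
  Added example (not from the original article or from Microsoft).
  Defender-side checks on a Windows host for the advice above:
    1. is a given security update installed (Get-HotFix)?
    2. is the legacy SMB1 server protocol still enabled?
  Assumption not stated on the page: the EternalBlue flaw is in SMB1.
  $PatchKb is a placeholder: substitute the real KB number of the
  March security update for this Windows version.
#>
param(
    [string]$PatchKb = 'KB0000000'   # placeholder id, not a real update
)

function Test-UpdateInstalled {
    param([string]$Kb)
    # Get-HotFix enumerates installed updates; an unknown id yields no object.
    # Caveat: a later cumulative update supersedes an earlier one, so a
    # missing KB alone does not prove the host is unpatched; check the
    # current cumulative update as well.
    $hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

function Get-Smb1State {
    # Windows 8 / Server 2012 and later expose the setting via SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: the LanmanServer "SMB1" registry value
    # (absent means enabled; 0 means disabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val) -or ($val -ne 0)
}

function Disable-Smb1 {
    # Needs administrator rights; older systems also need a reboot to apply.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWORD -Value 0 -Force
    }
}

$patched = Test-UpdateInstalled -Kb $PatchKb
$smb1On  = Get-Smb1State

"Update $PatchKb installed : $patched"
"SMB1 server enabled       : $smb1On"

if (-not $patched) {
    Write-Warning "Install the March security update before exposing this host to the network."
}
if ($smb1On) {
    Write-Warning "SMB1 is enabled; run Disable-Smb1 as administrator unless a legacy device still needs it."
}
```

Run it from an elevated PowerShell prompt with `-PatchKb` set to the correct identifier for the host. The script only reports; `Disable-Smb1` is left as a separate call so that an administrator can first confirm no legacy printer or storage device on the network still depends on SMB1.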

Microsoft says WannaCry ransomware attack is a wake-up call for governments

A programmer shows a sample of a ransomware cyberattack on a laptop in Taipei on May 13.

A global ransomware attack hit thousands of Windows-based computers late last week, locking users’ files and demanding Bitcoin payment to unlock them.

The attack, called WannaCry (or WannaCrypt), is a lesson to both the IT industry and consumers, Microsoft’s President and Chief Legal Officer Brad Smith argued in a blog post Sunday. But most of all, it is a wake-up call for governments, whose stockpiling of software vulnerabilities can be as dangerous as getting their missiles stolen.

According to Smith, all Windows computers that are fully updated are safe from the attack, and Microsoft has been “working around the clock since Friday to help all our customers who have been affected by this incident.”

And while the attack shows how important it is for users and companies to keep their computers updated — as well as tech companies such as Microsoft to promptly release security updates and make sure their…

If You Still Use Windows XP, Prepare For the Worst
As a vicious new strain of ransomware swept the UK’s National Health Service yesterday, shutting off services at hospitals and clinics throughout the region, experts cautioned that the best protection was to download a patch Microsoft had issued in March. The only problem? A reported 90 percent of NHS systems run Windows XP, an operating system Microsoft first introduced in 2001, and hasn’t supported since 2014.

NHS has disputed the 90 percent figure—though not that a significant portion of its systems run Windows XP—and was only one example of the tens of thousands of impacted computers across nearly 100 countries yesterday. But its meltdown illustrates the deeper problems inherent in Windows XP’s prevalence three years after its official demise.

Experts rightly said that the best protection against the so-called WannaCry ransomware was to patch everything, as soon as possible. But for Windows XP and other expired operating systems, the patches weren’t there in the first place. With very few exceptions—including an emergency patch after the first wave of WannaCry infections—Microsoft no longer provides any security support for the OS. A computer running XP today is a castle with no moat, portcullis raised, doors flung open, greeting the ravaging hordes with wine spritzers and jam.

And it’s only going to get worse.

Expiration Date

Hackers have targeted XP for years. Its lack of defenses and persistent popularity make it a popular target. And it really does have a foothold; according to analytics company StatCounter, 5.26 percent of Windows PCs still run XP, while a similar analysis from Net Applications puts the total at just over 7 percent of all personal computers. No matter whose numbers you use, that amounts to tens of millions of devices, and that’s before you count the absurd percentage of ATMs and other non-traditional systems stuck in the past.

The natural question, given the absurd level of risk that comes with running Windows XP in 2017, is why on earth would anyone stick with it, much less millions of people and companies with so much to lose.

The problem stems in part from Windows XP’s initial popularity. “It was one…

FinalCode Predicts New Security Challenges for 2017

While most IT security professionals are well aware of the nature of cyber threats, many lack the predictive insights to pre-emptively do anything about new threats. Addressing that issue usually means turning to vendors who have proven expertise in the infosec domain. Case in point is San Jose-based FinalCode, a company that specializes in bringing ease of use to securing data files. FinalCode has done extensive research into the nature of cyber threats and has some relevant predictions as to what may happen in 2017.

FinalCode board member Makoto Mizuyama said “We saw a constant stream of breaches in 2016 ranging from the embarrassing, such as the exposure of email addresses, to the ominous, such as IoT-based distributed denial of service attacks, to the manipulative, such as Russian hacking during the presidential campaign. The year’s bad news was capped in December with the announcement that one billion Yahoo accounts have been compromised.”

While those events are well documented, it may only be an indication of what is to come in the future, and that is where FinalCode is attempting to make an impact on the InfoSec market. For FinalCode, achieving that impact comes in the form of educating infosec professionals and by providing the tools to protect data. FinalCode is making it well known that rising challenges are facing those charged with protecting data. First and foremost, the company is warning the industry about the impact that the disappearance of the enterprise perimeter is having. Mizuyama said “The growth of cloud and mobile computing and the disappearance of the enterprise perimeter is exposing data to a rapidly growing attack surface. The opportunities for data exfiltration by attackers or accidental exposure also are growing along with it. As data becomes more mobile, organizations must separate file security from…

Did Russia Hack Macron? The Evidence Is Far From Conclusive

Leader of ‘En Marche !’ Emmanuel Macron addresses supporters after winning the French Presidential Election. Macron’s campaign was the subject of a hack, leading to a leak of 9GB of email data. (Photo by David Ramos/Getty Images)

It looks like Russia, it smells like Russia, so it’s probably Russia. So goes the current line of thinking in the security community as it tries to figure out who leaked reams of files pilfered from the campaign staff of the incoming French President Emmanuel Macron.

Take, for instance, FireEye, the cybersecurity firm credited with first identifying Democratic National Committee hackers known as APT28 and Fancy Bear as a Russian operation; that crew is now the number one suspect in the Macron attack, which saw data leaked Friday, just two days before the second round of the French election.

FireEye, as others have surmised, said the links between APT28 and the Macron hit are largely based on “TTPs” – tactics, techniques and procedures. The Macron attackers – from their phishing attempts to the public dissemination of data partly aided by Wikileaks’ Twitter account – used many of the same TTPs associated with previous APT28 activity, said FireEye’s head of cyberespionage intelligence John Hultqvist.

There were also two IP addresses, both hosted in Europe, which served up phishing sites targeted at Macron’s En Marche campaign. Those sites, set up in March and April, were originally attributed by Trend Micro to Fancy Bear (which it dubbed Pawn Storm) before the leaks.

But Hultqvist could only say the attack was “probably” carried out by APT28, a group the U.S. government claimed was run out of the Kremlin’s…