by Brad Frischkorn
Tokyo (JPN) Sep 09, 2016
The latest twist on the age-old criminal art of extortion has come a long way since an anonymous note was scratched on paper. These days, hackers demand payment from computer users while holding their data hostage.
It's a brave new world, and 'ransomware' is emerging as the biggest, baddest threat in cyberspace. Ransomware - malicious software that scrambles the data on a victim's PC and then asks for payment before restoring the data to its original state - is real, growing, and increasingly global. According to the U.S. FBI, victims are paying upwards of $150 million per year due to rogueware attacks, a category which includes ransomware and fake antivirus scareware scams.
And the casualty count is only rising. In 2015, 2,500 cases of ransomware costing victims $24 million in the U.S. alone were reported to the FBI's Internet Crime Complaint Center. Overall, attachment-based (vs. URL delivered) malware attacks were up 600% over the span. The AV-Test Institute, a leading global IT security provider, registers 390,000 malicious programs every day.
Ransomware can be downloaded unwittingly, dropped or downloaded by other malware, or delivered by spammed email.
"Large or small, corporate or individual, nobody is really totally safe from ransomware attack - including hospitals, schools, state and local governments, and even law enforcement agencies," says Tadao Otahara, director of security software developer Trend Micro's network security group at a recent Tokyo IT expo. "Worse, hackers usually demand payment in bitcoins or other forms of currency, which are nearly impossible to trace."
About a quarter of all attacks are reported in the U.S., followed by Germany (13%), the Netherlands (11%), Russia (9%), and France (5%), according to various data sources. Japan has yet to crack the top 10, but that gives little solace to security experts in the world's No. 3 economy.
"At the national level, there isn't much coordination regarding how to deal with really malicious threats like ransomware. It's the private sector's job to come up with the solutions," says Mr. Otahara, whose firm supplies about a quarter of the security software for domestically sold computers.
"The good news is that Japan is not often in the crosshairs of big-time hackers - yet," he adds. "But that could change very quickly."
Like many security companies, Trend Micro has its own set of solutions to deal with hackers. Its Premium and Maximum Security 10 packages are designed to stop the two most common forms of ransom-ware: the screen-locking type and the encryption type. Both keep users from accessing their files.
"The technology is rapidly evolving, but the defense is usually at least a few steps behind the offense," says Mr. Otahara, "It's just the nature of the business."
Details of some recent, high-profile ransomware incidents are enough to startle anyone familiar with a keyboard. Earlier this year, Horry County Schools in South Carolina was hacked through an outdated network server, locking computers that contained sensitive intellectual property and lesson plans. After at first refusing to pay the ransom, the district buckled, and eventually sent nearly $100,000 in Bitcoins in return for the decryption key.
In February, the Hollywood Presbyterian Medical Center in Los Angeles came under an attack that locked computers and encrypted patient information, making routine medical exams impossible and sending doctors and nurses back to pen and paper to keep track of procedures. With critical patient data at risk, the Medical Center ended up paying $17,000 worth of Bitcoins - a 'bargain' compared to the hackers' initial $3.6 million demand.
The FBI estimates that cybercriminals have collected $209 million in the first quarter of 2016 alone using ransomware attacks, almost 10 times last year's entire total, putting it on a billion-dollar-a-year pace.
Moreover, as more household devices become networked to the "Internet of Things" (IoT), new opportunities are likely tempt criminals to hack unsecured devices, say experts. At the recently-concluded DefCon 24 hacker's conference in Las Vegas, two U.K.-based security researchers created ransomware able to infect and lock up a home thermostat that ran on a Linux operating system.
"The run-up to the 2020 Tokyo Summer Olympics will put Japan increasingly on the radar of international hackers who may want to target anything they can get their hands on," says Mr. Otahara. "It's not hard to imagine that teams of monitors working 24 hours a day will be necessary to keep watch."
Japan News - Technology, Business and Culture
|The content herein, unless otherwise known to be public domain, are Copyright 1995-2017 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement|