Ransomware Continues To Plague Baltimore

Baltimore continues to struggle 2 weeks after RobbinHood ransomware first struck the vulnerable city

Baltimore | Photo By: mk30 | CC BY 2.0

In a time when productivity is equated with technological capacity, cities are easily crippled when they are held hostage by malicious software. As more sophisticated and complex attacks on computer systems arise, more needs to be invested in keeping persistent hackers from gaining access and control.

Two weeks ago, the City of Baltimore was the most recent victim of ransomware. Ransomware works by locking up files using encryption so users can’t access them. Hackers can then demand payment in exchange for cyber keys to access the data.

The New York Times reported that Baltimore’s voice mail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations were all made inaccessible.

At least 1,500 pending home sales have been delayed, according to a letter from a group of congressional lawmakers in Maryland requesting information on the attack from the directors of the FBI and the Secret Service.

The Baltimore Sun, which obtained a copy of a ransom note left on a Baltimore City computer, reported that the ransomware variant was identified as RobbinHood, a new form of ransomware attack we know little about.

Moreover, the note demanded payment of 3 Bitcoins in exchange for freeing the city’s systems. Two weeks ago, the hard-to-track and fluctuating cryptocurrency put that at about $17,600 per system, or 13 Bitcoins totaling $76,280 for all of them. Today, it would cost Baltimore nearly $24,000 per system, or 13 Bitcoins (about $102,000) for all of them.

It also said that the ransom must be paid within four days, or the price would go up, and that after ten days, the city would not be able to get its data back.

The note warned the city against calling the FBI, saying that would prompt the attackers to cut off contact. It also said that attempts to use anti-virus software would damage the city’s files. The ransomware’s procedures are automated, the note said, “so don’t ask for more times or something[s] like that.”

“We won’t talk more, all we know is MONEY!” the note said. “Hurry up! Tik Tak, Tik Tak, Tik Tak!”

However, just as in any hostage situation, governments cannot simply give in to the demands. The decision of whether or not to pay any amount needs to be careful and well thought out. Surrendering to the demands would show vulnerability and attract other hackers to attack.

Meanwhile, this wasn’t Baltimore’s first encounter with hackers. Barely a year ago, a similar attack hit the city’s phone system, shutting down automated dispatches for 911 and 311 calls.

Lester Davis, a spokesman for Democratic Mayor Bernard C. “Jack” Young, said that the new attack in Baltimore was similar to one that affected the city of Greenville, North Carolina, last month.

Today, Google’s systems identified the email accounts of government officials as belonging to an organization and shut down the temporary accounts. Officials had created new Gmail accounts as a workaround for the ongoing RobbinHood ransomware problem.

Emails to the city health department, city council aides, and the mayor’s office bounced on Thursday, according to the report from The Baltimore Sun.

According to The Verge, a Google spokesperson said in a statement that the company’s security systems flagged a discrepancy when multiple accounts were created from the same server within a short period of time, which caused the Gmail accounts to be shut down. “We have restored access to the Gmail accounts for the Baltimore city officials,” the spokesperson said. “Our automated security systems disabled the accounts due to the bulk creation of multiple consumer Gmail accounts from the same network.”

If this set of events proves one thing, it’s that government offices should invest in more secure and more capable protective software for their systems, both to avoid future cases of ransomware and to avoid being subjected to intimidation and threats from anonymous hackers. This matters all the more when cryptocurrencies make it even harder for law enforcement to track and catch the perpetrators.

This Series Of Ransomware Attacks Is More Than Just For Ransom — And The Government Should Listen And Investigate

Experts warn that the series of ransomware attacks against US city and state agencies is a message that the government should listen to.

Ransomware is plaguing city governments and experts warn that it will get worse. Photo: Christiaan Colen | Flickr | CC BY-SA 2.0

The ransomware epidemic is growing stronger, and researchers and tech experts warn that it will get much worse. Many ransomware attacks have been launched against city governments and private businesses, and have effectively shut down systems and social services in different states across the U.S.

According to a report by cybersecurity firm Recorded Future, the recorded attacks rose from 38 in 2017 to 53 in 2018, and researchers noted that those numbers are expected to rise in the next few years.

Ransomware is not a new phenomenon. While malware remains the biggest threat in cybersecurity, ransomware is gaining notoriety. In a typical ransomware attack, the attacker sends a Trojan, a worm, or other malware to a system, then demands payment in exchange for the remedy to the ransomware. Sometimes, attackers threaten to publish the victim’s database or other secured information hidden within its system unless a ransom is paid.

Starting from around 2012, the use of ransomware scams has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This result marks a 229% increase over the same time in 2017.

In June 2014, vendor McAfee released data showing that it had collected more than double the number of samples of ransomware that quarter than it had in the same quarter of the previous year. CryptoLocker was particularly successful, procuring an estimated $3 million before it was taken down by authorities, and CryptoWall was determined by the US Federal Bureau of Investigation (FBI) to have accrued over $18 million by June 2015.

Atlanta ransomware attack

In probably one of the most significant and most damaging ransomware attacks in recent U.S. history, Atlanta became one of the latest victims of ransomware back in March 2018. The attack knocked almost all of the city’s agencies offline, freezing most social services, including scheduling court cases and paying utility bills online. Furthermore, the ransomware effectively caused decades’ worth of official correspondence to disappear into thin air.

Reports reveal that it cost the city more than $17 million to recover from the devastating effects of the ransomware.

Several tech experts have said that other cities should take the case of Atlanta as a “wake-up” call for how vulnerable local and state governments are to these types of cyber crimes, and how underprepared they are to resist them. However, it seems these calls have fallen on deaf ears.

More and more cities are being attacked

Just over 12 months later, Baltimore is in the throes of its own costly ransomware attack. Now in its sixth week, the attack has left officials unable to process payments or even respond to emails. And Baltimore is not alone. In just the last two months, there have been ransomware attacks in Greenville, North Carolina; Imperial County, California; Stuart, Florida; Cleveland, Ohio; Augusta, Maine; Lynn, Massachusetts; and Cartersville, Georgia.

Increasing security defenses in companies shifted the target to government agencies

As corporations improve their security defenses to prevent malware and ransomware attacks against their systems, hackers have found new ways to infiltrate vulnerable municipal and city systems whose defenses are much weaker. Add to that the fact that many cities and states have started to digitize their records and services in recent years, leaving their immature systems vulnerable to all sorts of cyber crimes.

“The government knows it needs to change, but they move slowly compared to how quickly private business can pivot to manage their exposure to a new threat,” Gary Hayslip, a cybersecurity expert who previously acted as a chief information security officer for San Diego, said. “Until it is mandated that cities, counties, and states meet a specific level of security and have to demonstrate it as is done in business for compliance periodically, government entities will continue to be low-hanging fruit and cybercriminals don’t mind eating them for lunch.”

Moreover, because of improvements in technology and the availability of information online, it has become easier for cybercriminals to launch an attack. “On the dark web, there are lots of available tools for relative novices to craft together pretty effective pieces of ransomware technology,” said Chris Kennedy, chief information security officer at cybersecurity company AttackIQ. “It’s the ‘Idiots Guide to Hacking.’”

But with the growing number of cities and state agencies falling victim to ransomware attacks, will the government now listen? Maybe.

A New Strain Of ‘Houdini’ Malware Is On Sale For $50 Per Month In The Black Market

The new Houdini malware targets financial institutions and their customers.

A new strain of the Houdini malware known as Hworm has been discovered. Photo: Christoph Scholz | Flickr | CC BY-SA 2.0

When someone mentions Houdini, the name almost instantly recalls the world’s greatest magician and escape artist. But cybercriminals have found a way to transform the man’s legacy into something feared and unwanted. A new strain of the Houdini worm has been detected by security researchers and has launched a new series of campaigns against financial institutions and their customers.

A few days ago, a report from cybersecurity researchers at Cofense confirmed that a new strain of the Houdini malware, also known as Hworm, was released by its creators on June 2, 2019.

The new Houdini malware took only five days to start wreaking havoc and seeking out victims via malicious phishing campaigns. According to the report, the main goal of the malware is to steal online banking credentials, which the culprits could later use to make fraudulent online purchases. It uses a tool dubbed WSH Remote Access Tool (RAT).

“Houdini Worm (HWorm) – a misleading name because it has more in common with a bot or RAT than a worm – has existed since at least 2013 and shares extreme similarities with what is undoubtedly its malignant siblings: njRAT and njWorm. This new iteration comes ported to JavaScript (JS) from HWorm’s original codebase of Visual Basic. WSH is likely a reference to the legitimate Windows Script Host, which is an application used to execute scripts on Windows machines,” wrote the researchers in a blog post.

How does it work?

The cybercriminals disguised the phishing campaign as legitimate emails from various financial institutions and banks. One bank whose name the hackers used is HSBC. The fraudulent emails contain .MHT web archive files, which act the same way as HTML files.

The phishing email delivering WSH RAT within an attachment. Photo: Cofense

“The email attachment contained an MHT file that is used by threat operators in the same way as HTML files. In this case, the MHT file contained an href link which when opened, directed victims to a .zip archive containing a version of WSH RAT,” they added.

When the MHT file, which contains a web address link, is opened, it directs the victim to a .zip archive containing the WSH RAT payload. WSH RAT uses the same configuration structure that Hworm uses for this process.
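A mail gateway can check for the delivery pattern described above before the attachment reaches a user. The following is an added example, not code from Cofense or the article: it parses an MHT file as MIME, decodes its HTML parts, and reports links that point to a .zip archive. The sample file, host names and function names are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as "archive download"; the article only mentions .zip.
ARCHIVE_EXTS = (".zip",)

# Constructed sample: a minimal MHT (MIME HTML) file with one benign link
# and one link to a .zip archive. Hosts use the reserved .invalid TLD.
SAMPLE_MHT = (
    b"MIME-Version: 1.0\r\n"
    b"Subject: constructed sample\r\n"
    b'Content-Type: multipart/related; type="text/html"; boundary="BOUND"\r\n'
    b"\r\n"
    b"--BOUND\r\n"
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b'<html><body><a href=3D"https://www.example.invalid/help">Help</a>\r\n'
    b'<a href=3D"https://files.example.invalid/docs/statement.zip">View</a>\r\n'
    b"</body></html>\r\n"
    b"--BOUND--\r\n"
)


class HrefCollector(HTMLParser):
    """Collects the href value of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def archive_links_in_mht(raw: bytes) -> list:
    """Return links in an MHT file's HTML parts whose path ends in an archive extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = HrefCollector()
        collector.feed(part.get_content())  # decodes quoted-printable/base64
        for href in collector.hrefs:
            if urlparse(href).path.lower().endswith(ARCHIVE_EXTS):
                hits.append(href)
    return hits


if __name__ == "__main__":
    for link in archive_links_in_mht(SAMPLE_MHT):
        print("archive link in MHT attachment:", link)
```

Because the HTML part is decoded before parsing, the check still sees the link when the MHT stores it quoted-printable or Base64 encoded.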

WSH RAT is a version of HWorm which has been ported to JavaScript from HWorm’s original Visual Basic setup but acts in the same manner as the original malware. The Trojan not only uses the same Base64 encoded data (which Cofense describes as “mangled”) but also the same configuration strings, with default variables named and organized in the same way for both types of malicious code.

The Trojan first communicates with a command and control server, controlled by the cybercriminal, and requests three additional .tar.gz files. These files, however, are PE32 executables which provide the Trojan with a Windows keylogger, a mail credential viewer, and a browser credential viewer module.

It is also noteworthy that these modules were developed by third parties and cannot be attributed to the original creator of the Houdini worm. Furthermore, reports reveal that the malware is being actively sold in underground forums and on the black market. The price is said to be $50 per month on a subscription basis. Sellers are marketing their product by waxing eloquent about WSH RAT’s Windows XP and Windows 10 compatibility, evasion techniques, and credential-stealing capabilities, among others.
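The mismatch described above, files named .tar.gz whose content is a PE32 executable, is something a proxy or endpoint sensor can test for from header bytes alone. The following is an added example, not code from Cofense or the article: it compares a download's name with its content type, and the function names and sample bytes are constructed for illustration.

```python
import gzip
import struct

GZIP_MAGIC = b"\x1f\x8b"
ARCHIVE_SUFFIXES = (".tar.gz", ".tgz", ".gz")

# Constructed sample: a genuine gzip stream for the negative case.
GZIP_SAMPLE = gzip.compress(b"constructed sample")


def sniff(data: bytes) -> str:
    """Classify content by header bytes: 'gzip', 'pe32', 'pe32+', 'pe' or 'unknown'."""
    if data[:2] == GZIP_MAGIC:
        return "gzip"
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
            if len(data) >= opt + 2:
                (magic,) = struct.unpack_from("<H", data, opt)
                return {0x010B: "pe32", 0x020B: "pe32+"}.get(magic, "pe")
            return "pe"
    return "unknown"


def masquerading_download(name: str, data: bytes):
    """Return a reason string if a gzip-named file is not gzip, else None."""
    if not name.lower().endswith(ARCHIVE_SUFFIXES):
        return None
    kind = sniff(data)
    if kind == "gzip":
        return None
    return f"{name}: named as gzip archive but content is {kind}"


def constructed_pe32_header() -> bytes:
    """Constructed sample: just enough header bytes to look like a PE32 file."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", 0x010B)


if __name__ == "__main__":
    downloads = {
        "module.tar.gz": constructed_pe32_header(),  # hypothetical file name
        "logs.tar.gz": GZIP_SAMPLE,
    }
    for name, body in downloads.items():
        print(masquerading_download(name, body) or f"{name}: ok")
```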

New malware variants are sprouting

Only recently, researchers from Google have discovered a Linux-based strain of another prevalent malware, Winnti, which was attributed to the high-value attack against a Vietnamese gaming company a few years back by some Chinese hackers.

Researchers from Chronicle, Alphabet’s cybersecurity department, made the discovery. The researchers revealed that they found a Linux variant of the Winnti malware that works as a backdoor on infected hosts, granting attackers access to compromised systems.

According to Chronicle, the malware that they have discovered comes in two parts: a rootkit to disguise the malware in the infected host and the actual backdoor Trojan. Further analysis showed that the discovered Linux variant of the Winnti malware bears a lot of similarities to the malware’s Windows version. Other connections with the Windows version included the similar way in which the Linux variant handled outbound communications with its command-and-control (C&C) server, which was a mixture of multiple protocols (ICMP, HTTP, and custom TCP and UDP protocols).

‘Pavlok’ SmartTech Bracelet Stops Bad Habits With Electric Shocks

Need a stronger approach to stopping your bad habits? Pavlok is ready to zap you into good behavior.

Photo: Fitnish Media | Unsplash.com

Studies suggest that it takes 21 days to make or break habits. The truth is, it’s not the longevity that most people struggle with; it’s the consistency. Enter Pavlok, a wearable device that uses aversive conditioning (a kind of negative reinforcement) to keep you from your bad habits. It is now available on Amazon.

How does it work?

Pavlok is made of two parts: a one-size-fits-all wristband and an app that is available on Android and iOS. The band uses electric shocks, ranging from a low to a high setting, to deliver negative stimuli when you engage in your bad habits. It is the digital form of snapping your wrist with a rubber band when you bite your nails or sneak a quick cigarette break.

According to its Amazon webpage, Pavlok has sold more than 50,000 units since its official launch in 2015. Behavioral Technology Group Inc., the company responsible for the product, has since released two versions of Pavlok. It has also released a new product called Shock Clock, an alarm clock that zaps its user awake.

History of Pavlok

Maneesh Sethi, the CEO and founder of Behavioral Technology Group, Inc., claims to have had the idea for Pavlok when he created an experiment back in 2014. He shared in a blog post that he hired a girl from Craigslist to slap him whenever he went on Facebook. Based on his experiment, he increased his productivity and concluded that aversive conditioning worked for him.

In 2014, Sethi put Pavlok up on crowdfunding website Indiegogo to create the initial prototype. The campaign targeted funding of $50,000 and walked away with more than $250,000 from a total of 1,763 backers.

Despite its success in crowdfunding, Pavlok’s popularity soared only on May 20, 2016, when it was featured on the last episode of Shark Tank’s season 7. Sethi refused Kevin O’Leary’s offer because he did not want to work with him. Even though Sethi’s venture on the popular hit show went amiss, he continued working on his digital aversive conditioning technique.

Mixed Reviews

Users on Amazon and blogs have given mixed reviews of this unconventional wearable tech. Testimonials are available on Pavlok’s website, boasting success in breaking bad habits like nail biting, cookie addiction, and eating too many sugary snacks.

While some swear by the results, others felt that Pavlok fell short of expectations. With Pavlok 1, users have to manually zap themselves when they engage in a bad habit. Users reported that after some time, they learned to ignore the electric shocks or forgot to zap themselves.

As an improvement, Pavlok included a feature which allows your friends to zap you when they catch you red-handed. Aside from that, they integrated an IFTTT feature, which allows users to set conditions for when they will receive their shocks. For example, if you are trying to break your nail biting habit, you can simply set Pavlok to zap you when you lift your hand to your mouth. Of course, it only works when you use the hand which has the Pavlok device.

Future of Wearable Tech

Pavlok is just one of the hundreds of wearable tech products designed to improve users’ quality of life. Apple is set to release Apple Watch OS 6, which includes a menstrual cycle tracker. It is a much-awaited update after the launch of Apple Watch Series 4 in September 2018.

Starkey, a company focused on producing hearing aids, launched Livio AI last year as well. It is a hearing aid marketed for people who do not need any hearing aids. It features integrated sensors to detect noisy environments and lessen them, thereby reducing the user’s exposure to noise pollution. It also boasts an almost perfect language translation app that lets you understand 27 languages.

With the rise in popularity of these products, wearable tech has a bright future.
