|
 After balking for several days, Tewksbury officials decided that
paying the modest ransom of about $600 was better than struggling to
unlock its own systems, said police chief Timothy Sheehan.
That case and others show how cyber-criminals have professionalized
ransomware schemes, borrowing tactics from customer service or
marketing, law enforcement officials and security firms say. Some
players in the booming underworld employ graphic artists, call
centers and technical support to streamline payment and data
recovery, according to security firms that advise businesses on
hacking threats.
The advancements, along with modest ransom demands, make it easier
to pay than fight.
“It’s a perfect business model, as long as you overlook the fact
that they are doing something awful,” said James Trombly, president
of Delphi Technology Solutions, a Lawrence, Massachusetts, computer
services firm that helped three clients over the past year pay
ransoms in bitcoin, the virtual currency. He declined to identify
the clients.
In the December 2014 attack on Tewksbury, the pressure to pay took
on a special urgency because hackers disabled emergency systems.
That same is true of additional attacks on police departments and
hospitals since then. But all sectors of government and business are
targeted, along with individuals, security firms said.
The total cost of ransomware attacks is hard to quantify. But the
Cyber Threat Alliance, a group of leading cyber security firms, last
year estimated that global damages from CryptoWall 3 - among the
most popular of dozens of ransomware variants - totaled $325 million
in the first nine months of 2015.
Some operations hire underground call centers or email-response
groups to walk victims through paying and restoring their data, said
Lance James, chief scientist with the cyber-intelligence firm
Flashpoint.
Graphic artists and translators craft clear ransom demands and
instructions in multiple languages. They use geolocation to make
sure that victims in Italy get the Italian version, said Alex
Holden, chief information security officer with Hold Security.
While ransomware attacks have been around longer than a decade,
security experts say they've become far more threatening and
prevalent in recent years because of state-of-the-art encryption,
modules that infect backup systems, and the ability to infect large
numbers of computers over a single network.
Law enforcement officials have long advised victims against paying
ransoms. Paying ransoms is "supporting the business model,"
encouraging more criminals to become extortionists, said Will Bales,
a supervisory special agent for the Federal Bureau of Investigation.
[to top of second column] |
But Bales, who helps run ransomware investigations nationwide from
the Washington, DC office, acknowledged that the payoffs make
economic sense for many victims.
"It is a business decision for the victim to make," he said.
Run-of-the-mill ransomware attacks typically seek 1 bitcoin, now
worth about $420, which is about the same as the hourly rate that
some security consultants charge to respond to such incidents,
according to security firms who investigate ransomware cases.
Some attacks seek more, as when hackers forced Hollywood
Presbyterian Hospital in Los Angeles to pay $17,000 to end an outage
in February.
Such publicized incidents will breed more attacks, said California
State Senator Robert Hertzberg, who in February introduced
legislation to make a ransomware schemes punishable by up to four
years in prison. The Senate's public safety committee was scheduled
to review that bill on Tuesday.
Some victims choose not to pay. The Pearland Independent School
District near Houston refused to fork over about $1,600 in ransom
demanded in two attacks this year, losing about three days of work
from teachers and students. Instead, the district invested tens of
thousands of dollars on security software, said Jonathan Block, the
district's desktop support services manager.
“This threat is real and something that needs to be dealt with,”
Block said.
The town of Tewksbury has also upgraded its security technology, but
Sheehan says he fears more attacks.
"We are so petrified we could be put into this position again," he
said. "Everybody is vulnerable."
(Reporting by Jim Finkle. Additional reporting by Dustin Volz.
Editing by Jonathan Weber and Brian Thevenot.)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
