Ransomware Takes Nasty New Twist

John Lister's picture

The FBI has asked businesses for urgent help dealing with a new form of ransomware. The attack is designed to compromise an entire network, rather than just a single computer.

Ransomware is a form of malware that damages a computer in a way that's usually reversible - but only by the malware creators. Commonly it involves encrypting files or even an entire hard drive so that they can't be accessed without a key, which is only provided when the victim hands over a fee.

Last month the FBI put out a warning of a form of ransomware dubbed MSIL/Samas.A. It targets a security vulnerability in a web server called "JBoss", which is commonly used by large businesses for web-based applications.

FBI: 'We Need Your Help!'

Originally, the FBI did not describe the issue as a major problem. That's changed however with an updated new bulletin that flat out states "We need your help!"

That change appears to be because the people behind the ransomware have developed a tool that can scan the Internet looking for business networks that are vulnerable to the attack. Once such a network is discovered, the attackers can remotely install the software and begin the blackmail process.

Cisco says the culprits appear to be targeting organizations such as hospitals, where being unable to use computers can be hugely disruptive, increasing the incentive to pay up. Indeed, it appears they are even experimenting with pricing, upping their demanded fee to unlock a single computer by 50 percent, but offering a bulk discount to clear an entire network. (Source: bbc.co.uk)

Whole Network Could Be Out of Action

Being able to infect an entire network makes ransomware attacks much more powerful. Locking up a single machine is an inconvenience, but many firms can work around the issue if they have a good back-up procedure. Locking out the whole network makes it much more likely the disruption will be so severe that management will decide to pay the ransom.

The FBI advisory is confidential, but a copy has been seen by Reuters. It includes a list of warning signs that a network has been compromised, along with a plea for companies to immediately tell the FBI if they suspect such an attack. (Source: reuters.com)

What's Your Opinion?

Are you concerned that ransomware appears to be getting more destructive? Are you relieved that more sophisticated attacks on businesses might mean the attackers lay off on individual consumers? Can a network connected to the Internet ever be truly safe?

Rate this article: 
Average: 4.4 (14 votes)

Comments

shulco1_6765's picture

if any of the people who write and distributes ransomware should get a min. sentence of 65 years or more. not only are they stealing your money but in many cases your very livelihood. they rob you, your employer, and each of your respective families.
NO Pity for the low life.

ifpusr's picture

targeting hospitals? zero clemency.

casey jones's picture

Give 'em a fair trial and hang 'em.