The use of ransomware, in which hackers encrypt a computer's files and then demand a hefty bounty from the victim, is on the rise. And it's probably only going to get worse: the FBI has issued a warning to agencies and contractors about new attacks taking control of entire networks at a time.
“In a new scheme, cyber criminals attempt to infect whole networks with ransomware and use persistent access to locate and delete network backups,” states the FBI Flash memo written by the agency's Cyber Division. Documents like this are often sent to contractors and agencies so their systems can be updated or otherwise prepared for attacks, and sometimes include information from ongoing investigations.
In this particular document, which is dated February 18, 2015 but was distributed last month, the FBI writes that unnamed businesses were recently infected with a variation of ransomware called “MSIL/Samas.A.” Many of the tools used in this intrusion are freely available through Windows or open source projects, the document continues, and the hackers tried to manually find and delete backups.
Several larger-scale ransomware campaigns have been reported recently. In February, a hospital ended up paying $17,000 to hackers who encrypted its files, and on Monday, a spokesperson from an Ottawa hospital confirmed that its own computers had been targeted with ransomware.
On Tuesday, Reuters reported that attackers who used tools and tactics associated with Chinese government-supported hackers had recently broken into the ransomware business. At each of three different companies, hackers took over more than 100 computers.
The FBI Flash lays out some of the usual advice given to thwart ransomware: creating an offline backup, keeping an eye out for suspicious links in emails, and keeping software up to date.
“The threat of ransomware continues to grow due to the relatively availability of necessary tools, as well as the potential for extorting large sums of money,” the FBI Flash reads.