Recent Ransomware Attacks:
- The Sacramento Regional Transit (SacRT) system was recently the target of a ransomware attack demanding one Bitcoin in payment. The hackers displayed a warning message on the organization’s website, which tricked employees into going into their system to see if any data had been lost, resulting in the deletion of 30 million operational files. No actual data was stolen, however, and the SacRT IT staff prevented the attack from spreading by shutting down and rebooting the system. The SacRT indicated it refused to pay the ransom, which was valued at approximately $8,000 at the time of the attack.
- The city of Spring Hill, Tennessee was hit by a ransomware scam demanding $250,000. The attack, which affected “several other local government agencies” according to coverage by Government Technology, locked the city’s servers, temporarily halting debit and credit payments. The city has since fully recovered and has launched an investigation into what led to the incident.
- At the end of October, TechRepublic published a recap of the 10 worst ransomware attacks of 2017 (so far). Variants covered include NotPetya, WannaCry, and Locky. For the full list, which is based on Webroot data, visit the TechRepublic website.
- KQED, one of the largest public media companies in the US, recently profiled the ongoing saga of what they have come to call the “Great KQED Ransomware Attack.” The attack led to wide-ranging computer crashes, loss of phone and internet access, and a myriad of other issues that had staff adopting a “whatever works” motto in order to keep news operations running. KQED’s own coverage of the incident indicated that the company briefly considered paying the $27,000 ransom but ended up following the FBI’s advice to refuse payment. Jon Brooks, the reporter covering the attack, said, “I asked John Reilly, who’s done a lot of consulting in his career, if he’d ever seen an organization experience the level of disruption KQED had. ‘No, not through an attack,’ he said.”
- A strain of ransomware known as DoubleLocker has been targeting the Android OS by changing a phone’s PIN and encrypting all of the device’s stored data. The malware exploits fake Adobe Flash Player apps, and it tricks the user into granting administrative permissions, thus enabling the ransomware to set itself as the default home application. The clever attack demands a ransom of approximately $54 to recover the victim’s stored data.
- The BadRabbit ransomware attacks, which reportedly spread via a fake Adobe Flash update on compromised websites, initially targeted Russia and Ukraine, and eventually spread to include Germany, the US, and Japan. Once a network was infected, the malware scanned it for shared folders and attempted to steal and exploit user credentials to access other devices. Kaspersky Labs has found evidence of an “elaborate network of hacked websites” linking the attacks to NotPetya. Authorities are still trying to determine who was behind the global attack.
- Up to 400,000TB of SSD storage was reportedly lost due to downtime after a ransomware attack hit Toshiba’s systems, forcing them to shut down the Japanese division of their NAND flash memory production for up to six weeks. There is speculation that the shutdown affected the “already tight global supply” for this type of memory and “could end up driving prices even higher than they already are.”
- Roughly 26,000 MongoDB databases were wiped over Labor Day weekend by three different hacking entities who demanded Bitcoin ransoms of varying amounts. Not much else is known about the attacks, which were reported by SC Magazine.