The Crippling Hidden Costs of Ransomware

At this point, the devastating impact ransomware can have on organizations in any industry has been witnessed the world over. Earlier this year, one hospital in Southern California was infected with Locky ransomware. The facility had to pay hackers $17,000 to get its systems back online, and this was after it declared an internal state of emergency. A few months later, the FBI announced that encryption malware was on pace to steal $1 billion from organizations in 2016.

While these costs and occurrences are alarming in and of themselves, they don’t necessarily illustrate just how financially damaging ransomware can be to organizations. There are hidden costs in addition to the initial ransom that are less talked about, but no less crippling.

Downtime and Remediation Costs

As we clearly saw from the Los Angeles hospital incident, system downtime is extraordinarily troubling – records were kept using pen and paper, and external communications took place via fax machine. Downtime is also as expensive as it is inconvenient. According to research from the Ponemon Institute, IT-related downtime costs businesses, on average, $7,900 per minute. In fact, DARKReading contributor Andrew Hay ran the numbers for the ransomware that impacted the aforementioned hospital, and he came up with this number: $533,911. That, according to Hay, is the total amount of estimated revenue that the facility lost, in addition to the $17,000 ransom.

Still, that’s only the tip of the iceberg. These “downtime” expenses don’t necessarily account for the longer-term, hard-to-quantify expenses, such as reputational damage, or what Hay refers

Hackers Are Raiding Retailers’ IT Networks

Managing endpoints in a retail environment poses a slew of security complications. The industry has been heavily targeted by hackers in the past year or so.

Specifically, cybercriminals have leveraged difficult-to-detect point-of-sale malware such as BlackPOS (the culprit behind the infamous Target breach), AbaddonPOS, CherryPicker, CenterPOS, RawPOS and finally ModPOS – a strain that researchers called “by far the most sophisticated POS malware” upon its discovery in late 2015. The reason ModPOS is so terrifying is that, in addition to its memory-scraping capabilities, it has a keylogger that helps it gather local network information such as metadata. In effect, this makes it possible to bypass encryption.

EMV Is Not a Silver Bullet

In late August, clothing retailer Eddie Bauer announced that it was the victim of a payment card data breach, and that customers who used their card at stores in the U.S. or Canada between Jan. 2 and July 17 may have been affected. These types of announcements have become fairly commonplace, but this one was different.

According to IT World Canada, the unnamed strain of POS malware is believed to have been designed to work against magnetic stripes as well as EMV cards. At the time of this writing, it remains inconclusive if EMV cardholders were also affected. Nevertheless, all customers in the stated timeframe, including those who made their purchases with the new chip-card technology, have been notified of the breach.

“EMV technology isn’t a panacea for POS malware.”

More recently, hackers managed to break into a cloud-based point-of-sale system that is responsible

Better Computer Management Is a Matter of National Security

Military and law enforcement agencies have long benefited from the ability to wirelessly and remotely access information while on the job. However, as mobile endpoints play an increasingly central role in supplying field officers with real-time data, they may also introduce new cyberthreats. Consider, for instance, the dangers associated with a lost or stolen military Toughbook that ends up in the hands of criminals and poses a risk to national security.

Criminal Justice Information Services (CJIS) guidelines aim to mitigate some of these risks through certain provisions such as strong password management, multi-factor authentication requirements and email encryption, just to name a few.

While adherence to CJIS standards will enhance cybersecurity, compliance can’t be your agency’s only defense strategy. Hackers are becoming increasingly sophisticated, and in some cases, are backed up by nation states. The bottom line is that it takes a lot more than compliance to protect military and law enforcement field endpoints.

The Department of Justice Data Breach

An example of what’s at stake for military and law enforcement agencies occurred in early 2016, when the Department of Justice was breached after hackers managed to access an insider’s email account. From here, the intruders were able to “social engineer” their way into the DOJ intranet, and subsequently access critical databases. According to Computerworld’s Darlene Storm, the hackers then stole and dumped “9,000 DHS [Department of Homeland Security] employee names, email addresses, locations, telephone numbers and titles” on the web.

Soon after, the cyberattackers executed a second data dump, this

Hackers Hamstring Uncle Sam: Voter Data Stolen by Cyberattackers

Hackers have gone after the U.S. government for a variety of purposes: to steal personally identifiable information of government employees, in an effort to pilfer trade secrets, to commit tax fraud and more. Recently, however, they sought to undercut the government by going after its lifeblood: registered voters.

According to the Chicago Sun Times, hackers accessed personal information belonging to as many as 200,000 registered voters in the state of Illinois. Illinois State Board of Elections General Counsel Ken Menzel stated that the cyberattackers first infiltrated the online voter registration portal. From there, they managed to access a database holding personal information belonging to residents of Illinois – even though the board had blocked the hackers’ IP addresses and shut down the system upon learning of the breach.

“Hackers accessed voter registration data, including names and addresses, dates of birth and in some cases, the last four digits of Social Security numbers and driver’s license or state ID numbers.”

Arizona also fell prey to a breach of its voter registration data; however, reports suggest that the infiltration was much more limited than that of the Illinois board of election.

What We Know About the Breach So Far

“The breach was orchestrated using an SQL injection.”

The breach first came to light in late August, when the FBI notified the affected states of the incident. The agency subsequently issued warnings to other state election boards to look into any possible indicators of an incident.

All eyes were on Russia immediately following the breach, according to

New ‘Fantom’ Ransomware Haunts PC Admins

A new strain of malware – Fantom ransomware – was discovered in late August, and it’s spooking IT administrators all over the world.

Like most other forms of EDA2-based ransomware, Fantom works by generating an AES-128 key. It then encrypts that key using RSA, an asymmetric cryptographic algorithm, and uploads it to the malware developers’ server. Once the program is on a victim’s system, it scans local drives, encrypts specific file types (up to 350 different types), replaces their extensions with “.fantom” and displays a ransom note that provides directions for contacting the hackers (specifically via email) and regaining access to files.
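The key handling described above happens in memory and is invisible to the victim, but the last step is not: a run of renames to a single unusual extension on one host shows up in file audit logs. The following detection heuristic is an added example, not code from the original post or from any vendor; it assumes a constructed audit-log line format ("timestamp host OPERATION old -> new") and alerts when one host renames more than a threshold of files to ".fantom" inside a short window.

```python
"""Flag a burst of renames to ".fantom" on one host (added example).

Assumed (constructed) audit line format:
    <ISO-8601 timestamp> <host> <OPERATION> <old path> -> <new path>
Only RENAME events whose new path ends with the watched extension count.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: WS-042 shows an encryption run, WS-007 does not.
SAMPLE_EVENTS = [
    "2016-08-29T10:00:00 WS-007 RENAME C:\\Users\\a\\notes.txt -> C:\\Users\\a\\notes.bak",
    "2016-08-29T10:00:01 WS-042 RENAME C:\\Users\\b\\q1.xlsx -> C:\\Users\\b\\q1.fantom",
    "2016-08-29T10:00:02 WS-042 RENAME C:\\Users\\b\\q2.xlsx -> C:\\Users\\b\\q2.fantom",
    "2016-08-29T10:00:02 WS-042 RENAME C:\\Users\\b\\plan.docx -> C:\\Users\\b\\plan.fantom",
    "2016-08-29T10:00:03 WS-042 WRITE C:\\Users\\b\\note.html",
    "2016-08-29T10:00:03 WS-042 RENAME C:\\Users\\b\\photo.jpg -> C:\\Users\\b\\photo.fantom",
    "2016-08-29T10:00:04 WS-042 RENAME C:\\Users\\b\\cv.pdf -> C:\\Users\\b\\cv.fantom",
    "2016-08-29T10:00:05 WS-042 RENAME C:\\Users\\b\\db.sqlite -> C:\\Users\\b\\db.fantom",
    "2016-08-29T10:00:06 WS-042 RENAME C:\\Users\\b\\todo.md -> C:\\Users\\b\\todo.fantom",
    "2016-08-29T11:30:00 WS-007 RENAME C:\\Users\\a\\x.txt -> C:\\Users\\a\\x.fantom",
    "2016-08-29T14:45:00 WS-007 RENAME C:\\Users\\a\\y.txt -> C:\\Users\\a\\y.fantom",
]


def parse_event(line):
    """Parse one audit line; return None for lines that are not renames."""
    parts = line.strip().split(" ", 3)
    if len(parts) != 4 or parts[2] != "RENAME" or " -> " not in parts[3]:
        return None
    old, new = parts[3].split(" -> ", 1)
    return {"ts": datetime.fromisoformat(parts[0]), "host": parts[1],
            "old": old, "new": new}


def detect_extension_bursts(lines, extension=".fantom", threshold=5,
                            window_seconds=60):
    """Return one alert per host that renames >= threshold files to the
    watched extension within window_seconds. Events are sorted by time so
    out-of-order log delivery does not hide a burst."""
    events = [ev for ev in map(parse_event, lines)
              if ev is not None and ev["new"].lower().endswith(extension)]
    events.sort(key=lambda ev: ev["ts"])

    recent = defaultdict(list)   # host -> timestamps inside the current window
    totals = defaultdict(int)    # host -> all matching renames seen so far
    alerts = {}                  # host -> alert, created when threshold is crossed
    for ev in events:
        host, ts = ev["host"], ev["ts"]
        totals[host] += 1
        window = recent[host]
        window.append(ts)
        # Drop timestamps that fell out of the sliding window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.pop(0)
        if len(window) >= threshold:
            alert = alerts.setdefault(
                host, {"host": host, "first_seen": window[0], "count": 0})
            alert["last_seen"] = ts
            alert["count"] = totals[host]
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_extension_bursts(SAMPLE_EVENTS):
        print(f"ALERT {alert['host']}: {alert['count']} files renamed to .fantom "
              f"between {alert['first_seen']} and {alert['last_seen']}")
```

The threshold and window are deliberately low so the sample triggers; in production the same logic is usually run over file-server or EDR telemetry with the watched extension list drawn from known ransomware families, and the alert should feed an isolation action for the host rather than only a log line.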

In this sense, Fantom isn’t unique in its technical execution. At the end of the day, it’s how the malware is delivered that really makes it so sinister.

A Conniving Social Engineering Scheme

In what may just be the cleverest ransomware scheme since PETYA (which infected human resources users by hiding in fake job application emails), Fantom is delivered through a fake Windows Update screen. The forgery is apparently so convincing that “most users, including business users, recognize and even trust [it],” according to Comodo.

Once the user initiates the installation, a file named “WindowsUpdate.exe” launches. At this point, a Windows update display commandeers the screen. Again, the ruse is convincing enough that most enterprise users wouldn’t suspect foul play at this point. However, what appears to be a Windows update is in actuality masking the fact that the user’s files are being encrypted.

“There is no means of decrypting Fantom,”