Cyber-Crime In The Future?

Hackers are demanding $10m ransom for the return of patient records. Of course, there is nothing to say that when they return the data they won’t still have a copy of it – and carry out another piece of their threat – to sell it to the highest bidder.

This is ransomware on a grand scale – and with a potentially disastrous outcome, not only for the company but for the individuals concerned as well. While this type of activity has gone on in the past, it tends to be kept quiet and very low key, going public like this is unusual.

Should the company pay to get the records back? Well, they are caught between a rock and a hard place… I wouldn’t like to be the CEO having to call that one.

With the increasing realisation that all data is worth something (to somebody), so we will see an increase in the numbers of this type of incident. My guess is that there will be a softly-softly initial approach followed by a leak to the media if companies don’t pay up. Reputational damage can be impossible to recover from.

Electronic data is the lifeblood of virtually all companies these days and we need to protect it and the systems it is on - after all a transfusion is not an option.

May 6, 2009 | Filed Under data-loss, security | Leave a Comment 

Your Money Or Your Computer…

I’ve written before on the re-emergence of Ransomware and how dangerous it can be. Well, there’s a couple of new variants which are appearing – however, if you do happen to become infected, our chaps in Symantec Research Labs have figured out the code you need to enter to unlock your machine. The solution is not for the faint of heart but it works… of course, the best thing is not to get infected in the first place…

April 17, 2009 | Filed Under security | Leave a Comment 

Ransomware Is Back… And It’s Bad

Just so you know – ransomware is making a comeback. For those of you who haven’t come across the term, this is where your machine gets infected with some malware, perhaps through a virus attached to an email, but these days it is more likely to be through a download (especially from a social networking site). The malware encrypts all the data on your drive and then offers to decrypt it – for $50. This is an interesting amount, $50, not much or at least not much to worry about – if it was $5000 then you might think twice. Of course the question is… how are you going to pay them?!?!? Perhaps give them your credit card number or bank details… and they will take $50. And the other $1000+… So, perhaps its better not to pay!

How can you prevent it…? Well ensuring that you have anti-virus and anti-malware software installed and up to date is a good start. Then just be vigilant – make sure that when you are asked to download something, (a) you really need to and (b) it is from who you expect. As ‘insurance’, take regular backups – and keep them somewhere safe, not attached to the machine (as they will then be encrypted as well if they are an external hard disk or USB device.) Then if disaster strikes at least you have a copy. You will need to reformat the machine and reinstall the operating system, but at least you haven’t given away your credit card or bank account details and you still have your data.

June 18, 2008 | Filed Under data-loss, security | 2 Comments