Thursday, February 18, 2016

Hospital surrenders to the blackmail and pays 17.000 $

The ransomware had hit the mark and affected vital parts of Los Angeles Presbyterian Hospital IT systems. So they have decided to do what any cybersecurity expert don't recommend: paying the rescue. We'll expand it, as well as the irruption of a new ransomware with the sign of the Dridex bank trojan and a didactic text about how to make money with the Android malware. We'll finish with the victims of a good part of these "critters", the SMEs, to whom free courses are offered.

"The quickest and most effective way to restore our systems and administrative functions was to pay the ransom to obtain the decryption key. We did this thinking it was the best to restore normal operations", has explained Allen Stefanek, the president of the hospital. The strike has been really important and would have affected the electronic medical systems used in the clinic operations.

Locky = Dridex

One point for criminals and we keep playing for bingo: the band behind one of the most dangerous and common bank trojans, Dridex, have just moved to the ransomware with Locky. This specimen enters via MS Word files with malicious macros, pretending to be attached bills in an email. Locky used the same botnet than Dridex and the same Bitcoin wallet.

Make money with malware

We keep talking about malware because from Hipasec they tell us the multiple ways to monetize Android virus and trojans: ads, subscription to SMS Premium services, credential and more information robbery, zombies creation for a botnet, etc. We have this information thanks to Koodus, an interesting tool to detect and analyze malware focused on Android, a creation of the same team which launched VirusTotal.

Free courses

We finish with a commendable campaign made by the Spanish National Cybersecurity Institute (INCIBE), directed to the more than possible victims of this malware: SMEs and freelancers. Until April they will offer courses in different Spanish cities to improve the understanding and security, and to promote the good practices in cybersecurity as well. There are free courses, in the morning, with limited seats and you still can join them. INCIBE has created an interactive map to make it more easy.

There's not better weapon than education for a good cybersecurity!


Post a Comment