Ransomware became three times as expensive in 2016

The average price to free your computer from ransomware used to be $294. It’s more than tripled in the last year. It’s getting more expensive to keep up with ransomware.

As victims struggle to deal with cyberattacks locking up their systems, payouts are on the rise for hackers who target entire computer networks. Ransomware hides onto computers before encrypting important files, demanding victims pay up if they ever want access again.

Throughout 2016, ransomware has become an increasingly popular malware for hackers, hitting San Francisco’s public transportation system, Congress and hospitals. As hackers find creative ways to extort money by holding computers hostage, ransoms are becoming less affordable while the malware becomes tougher to crack. In the near future, the average person might not even be able to pay off ransomware, even if he or she wanted to.

The MIRCOP ransomware demanded $28,730 from victims, the highest price seen during 2016.

Two cybersecurity reports pointed at the startling growth of ransomware attacks during 2016. Ransomware attacks have increased by 50 percent in 2016 from 2015, now the fifth most common type of malware. In 2014, it was only the 22nd most common, according to Verizon’s 2017 Data Breach Investigations Report.

The report also found that ransomware made up more than 70 percent of malware attacks on the health care industry, which includes hospitals, pharmacies and insurance agencies.

In 2016, Symantec found 463,841 instances of ransomware attacks, which rose from 340,665 in 2015. They also discovered 100 new variations of ransomware, tripling since last year. Over the last year, the security company found an average of 1,271 ransomware attacks each day.

Ransomware’s rise comes from both how easy it is to share the malware, as well as how profitable the attacks are. When cyber criminals can share the software with each other and send out ransomware to infect systems in mass amounts through email, it’s a quick formula for an easy buck.

“Ransomware has shown a propensity for monetization and automation,” said Gabriel Bassett, the Verizon’s report co-author. “As long as the industry allows the same things to work, we’re not going to see huge changes because the attacks are all economically driven.”

In 2015, the average profit for a cyber thief through ransomware was $294. Symantec found in its Internet Security Threat Report that demands have more than tripled, jumping up 266 percent to an average $1,077 per victim. Depending on how important the files are, it might be cheaper to just buy a new computer.

They can afford to raise the price when the majority of victims are willing to just pay the price. In the US, 64 percent of ransomware victims opt to pay the ransom, with the software often times being too difficult to crack, even for the FBI.

Attacks have become more sophisticated, going after entire drive systems as opposed to specific files to hold hostage. Ransoms can now also increase for every day it’s not paid, and some ransomware function as pyramid schemes, offering freedom if victims can infect two or more people.

Published by Alfred Ng, at CNET.com
April 27, 2017 5:00 AM PDT
@alfredwkng

A message from @techwisemom: To protect from ransomware threats, you must be proactive. You must have protection in place before it happens. Vine IT offers the most comprehensive security package and highly trained assistance available with cream of the crop enterprise account solutions available for personal users and small to medium sized businesses. Contact the @techwisemom for details and how to get protected today.

2015’s Big Hacks, Exploits and Breaches Cost More Than Money

Beads of sweat form on your forehead. A growing dread gives way to fear, then panic as you come to the realization that someone — you don’t know who — has gotten inside…

…your computer.

2015’s hacks, exploits and breaches are the stuff of horror movies. Regardless of whether hackers targeted your computer or your online accounts, each attack has made our collective skin crawl. With tactics straight out of fright flicks, hackers imitated us and spilled our personal details. Not even our phones were safe; Android users were hit with a zombie bug that won’t die.

The financial ramifications of the hacks have been huge. The breaches cost businesses and consumers a total of $445 billion in 2014, according to the Center for Strategic and International Studies. Analysts say hacks in 2015 cost businesses more than ever before.

“It’s just kind of terrifying,” Jasper Graham, chief executive of cybersecurity firm Darktrace, said of one hack that compromised hundreds of thousands of Social Security numbers. Security questions and passwords are no longer a defense, he said, adding that personal details on social media are often all hackers need to get into your accounts.

Here are the year’s scariest attacks, and the creepy movies they remind us of.

IRS hack

Using stolen tidbits of information, like our mothers’ maiden names, hackers logged into more than 150,000 IRS accounts and tried to get into even more. Armed with the data in those accounts, the hackers started taking over identities, just like Jennifer Jason Leigh’s character did with her roommate in the 1992 flick “Single White Female.”

The IRS reportedly handed over roughly $50 million in tax refunds to the hackers, believed to be in Russia, before it detected the breach.

Unlike Leigh’s character, however, the hackers haven’t gone after anyone with a meat hook… to the best of our knowledge.

Hammertoss malware

Malicious software on your computer could be mimicking your Web browsing habits to disguise itself from antihacking software and receive instructions on where to send your sensitive information. Known as Hammertoss, the malware gets its orders from hackers who put coded messages on Twitter and GitHub. Since you might check the same websites, Hammertoss’ efforts to contact its hacker overlords look totally innocent.

No surprise if that mimicking sounds scarily familiar. Hammertoss is not unlike the space pods that invade a California town and reproduce its inhabitants, complete with memories and personalities, in the 1956 classic “Invasion of the Body Snatchers.” The aliens, like the computer virus, go undetected.

Hammertoss, which researchers say was the work of Russian cyberspies, underscores how hard it is to detect hackers on the prowl in your computer system. In fact, researchers say bad actors go undetected for more than seven months on average.

And that’s just the security breaches we actually know about.

Ashley Madison

In “Fatal Attraction,” an extramarital affair comes back to haunt Michael Douglas’ character in the form of an obsessed female played by Glenn Close. The users of adultery website Ashley Madison were confronted by their own infidelity too, when hackers dumped data from more than 30 million accounts. The account details were posted on the Internet in August, and soon extortionists started targeting the site’s users.

One big difference: Ashley Madison’s members are real people and the fallout was real, too.

“Tell your wife and kids you love them tonight,” one Ashley Madison user wrote to Troy Hunt, who runs a service that alerts people to hacks. “I shall do the same, as I really don’t know if I will have many more chances to do so.”

The blackmailers demand money, Hunt said, “Otherwise, public humiliation.” Hunt says the scammers are unlikely to follow through on their threats, but plenty of frightened victims pay up immediately.

Stagefright vulnerability

Stagefright gives hackers an easy backdoor into Android phones. By sending a text message, hackers can implant malicious code that can take control of the device. Worse, Stagefright is as hard to kill as the zombies in “The Walking Dead.” That’s because the fix has to go through multiple companies before it gets to your phone.

Google sent a patch to makers of Android phones months ago. But each manufacturer ships updates to their products on their own schedules, so there’s no guarantee your phone is protected. Researchers from Zimperium, who discovered the flaw, believe half of current Android phones will never be patched.

The Stagefright flaw might be even scarier than zombies. Hackers with access to your phone could spy through the camera and microphone, or log passwords. Oh yeah, and unlike the reanimated dead, Stagefright is real.

Originally by Laura Hautala @lhautala October 30, 201511:13 AM PDT at www.cnet.com  

 

New Credit Cards Designed to Protect Consumers from Hackers and Cybercrimes During Purchases

US consumers are about to get a new defense against cybercrime. The armor will take the form of credit and debit cards with a built-in chip, which retailers must be able to read as of Thursday (10/1/2015).

Short for EuroPay, MasterCard and Visa, EMV chips create a one-time-use code needed for each purchase, which makes stolen card numbers less valuable on the black market. Consumers may see slightly longer transaction times as in-store readers run the EMV cards, assuming merchants have set up the new payment terminals in time.

Industry watchers don’t expect every merchant to meet Thursday’s deadline, which was set last year by MasterCard, Visa, Discover and American Express. Retailers do have an incentive to act quickly, though. Stores that don’t have EMV-reading terminals will need to make good on in-store purchases made with counterfeit cards. ATMs and gas pumps will face the same liabilities in 2017.

The card companies wrote that rule after cybercriminals stole about 40 million credit and debit card numbers from the payment system of retailer Target during the 2013 holiday-shopping season. Currently, the banks that issue cards are on the hook for fraudulent charges.

There are two ways hackers steal sensitive information. They can use card skimmers to read a card’s magnetic stripe at an ATM or gas pump. They can also penetrate retailers’ corporate information systems, as they have with Target, Home Depot, Neiman Marcus and many others, to copy card numbers. Those stolen numbers can be used on fake cards to make fraudulent purchases. Two-thirds of fraudulent purchases inside stores are made with counterfeit cards, said Stephanie Ericksen, Visa’s vice president of risk products. Authentic cards that were stolen account for the other third.

That’s where these new chip cards can help. Because the chips send encrypted, one-time codes for each transaction, the cards are harder for fraudsters to read and duplicate, experts say. While the cards are just rolling out in the US, the technology isn’t new. Europe started using cards with embedded chips in 2005. Apple Pay and Android Pay mobile payments work on the same underlying rules.

Despite the impending retailer deadline, many consumers still don’t know about the new kinds of cards. In an August survey by electronic payments company ACI Worldwide, 59 percent of consumers reported they hadn’t received credit cards with EMV chips. Only a third knew the United States is shifting toward chip readers. What’s more, only 27 percent of merchants are prepared for the October deadline for card reader technology, according to a report released in mid-September by the Strawhecker Group, a consulting firm for the payments industry.

Experts say the slow rollout could be due to the cost of new card-reading equipment. Merchants must weigh the expense of buying new payment systems and training employees on that gear against the unknown hit from fraudulent charges. Some may even consider their new liabilities the cost of doing business.

Consumers will need to adapt to the new system too, experts said.

“There may be some initial inconvenience at the point of sale,” said TJ Horan, vice president of product management at FICO, which helps banks determine a consumer’s credit risk.

Despite the increased security, industry watchers don’t expect card fraud to disappear. Horan likens it to squeezing a water balloon: If you push fraud out of the system in one place, it will simply shift somewhere else.

Originally posted on http://www.cnet.com by, Laura Hautala of http://www.cnet.com @lhautala