Another Bitcoin Ransomware Released
A recent outbreak of ransomware attacks, from the WannaCry worm in May to Tuesday’s infection of thousands of computer systems around the globe, shows that digital stickups are becoming the go-to hack for cybercriminals, fueled by powerful leaked U.S. government exploits and the rise of bitcoin and other anonymous digital currencies.
Tuesday’s attack showed no signs of slowing down, as cybersecurity researchers had not found a kill switch similar to the one that allowed them to stop WannaCry after it had infected hundreds of thousands of computer in more than 150 countries, preventing it from becoming one of the worst attacks on record.
The new infections, which appeared concentrated in Ukraine before spreading globally, are a sign that ransomware is becoming a routine risk of doing business, as other forms of attacks get less profitable. Banks and retailers have strengthened their defenses, driving the price for stolen credit card numbers down to as little as 50 cents apiece, according to research from Symantec Corp., the biggest cybersecurity software maker. But ransomware demands are on the rise, nearly tripling from an average of about $300 per computer infected in 2015 to more than $1,000 each last year, Symantec said. Earlier this month, a South Korean web hosting company agreed to pay more than $1 million to unlock its servers in what’s believed to be the biggest ransomware payout on record.
“The new versions of ransomware are the perfect crime,” said Jack Danahy, co-founder of Barkly Protects Inc., a Boston-based cybersecurity firm. “It’s super-easy to do — monkeys could do it — and the profits are remarkably high. And the third thing that makes it perfect is anonymity, because nobody wants to get caught. That’s why this thing is growing.”
It’s possible that Tuesday’s outbreak may not spread as quickly or be as damaging as WannaCry, whose early victims included hospitals in the U.K. that had to shut some services while dealing with cleanup. The new malware uses an exploit called EternalBlue to spread by taking advantage of vulnerabilities in Microsoft Corp.’s Windows operating system, similar to WannaCry. But many of those weaknesses have been patched for months — meaning that many computers already have protection against its key propagation mechanism.