What about Ransomware?
Incidents of computer system hacking and ransomware attacks are chronicled almost every day. From the Hollywood Presbyterian Medical Center last year to the Erie County Medical Center, many others have been victimized by ransomware attacks. Our own Fairview Hospital was recently targeted by hackers who managed, at the very least, to scramble some of the information stored in their system. All Berkshire Health Systems' computers may have been targeted, but I cannot find any mention of the incident in The Berkshire Eagle or other news sources. More on that as I learn more.

In the Hollywood Medical Center incident, the criminals encrypted the hospital's complete file system, informing the hospital that they would "sell" the decryption keys to the hospital for a fee. The Medical Center eventually paid $17 million in Bitcoin for the keys. Presumably they got access to their patient data.
What is Ransomware?
The Hollywood Medical Center above is a perfect example: a non-authorized person (the Bandit) gets access to your computer and runs an app (we used to call these programs) that encrypts or "locks" most or all files on the system so that they are inaccessible without the "unlock keys." An unlock key is a very long string of characters (see example below) that supposedly makes your data available to you again. The bandit then offers to sell the keys needed to unscramble the data.
Example Encryption Key
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb13jZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55mbSYxECQQDeAw6fiIQXGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMdaNzQW9WaI+NRfcxUJrmfPwIGm63ilAkEAxCL5HQb2bQr4ByorcMWmhEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo39s5p+sqGxOlFL0NDt4SkosjgGwJAFklyR1uZwPJjj611cdBcztlPdqoxssQGnh85BzCju3WqBpE2vjvyyvyI5kX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbufhrT8ebHkTz2eplU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----
How Does a Bandit Run a Ransomware App on Your Computer?
Usually the Bandit does not run the app on your computer, YOU DO. The bandit sends an e-mail, for example, that is set up to look like it is from a legitimate sender. In the incident above, it could have been from "Medical Records" or "Patient Relations" or any one of numerous possibilities. The e-mail has a document or photo or other file attached, and the recipient is instructed to download it. That's when the fun begins.

Sometimes a pop-up or link on a web page will do the same thing. I have seen pop-ups that look very similar to legitimate alerts coming from Windows, saying things like "Important: Dangerous virus found on your computer. Click here to remove." When the user clicks on the link, bad stuff happens. Bandits send these e-mails out by the thousands, hoping to find just one who will bite. That's all they need. That's why it's called "phishing."
Although I have not encountered a client whose data was scrambled, I have encountered a few whose computers were infected with a virus that kept asking for money to buy a program to remove virus infections, including itself. These were exceedingly difficult to remove as the virus consisted of multiple programs that each checked for the existence of the other, and re-installed any that were found missing.
The encryption may not happen immediately; it could be installing software that allows the Bandit access to your computer without your knowledge. This is precisely what happened to John Podesta and the Democratic National Committee. It very well may have happened to the Republican National Committee as well. The Bandit needs only to infect the computer of one person who has access to the other systems and the gate is thrown wide open. The bandit has scaled the wall and is now inside the compound.
(Next post: Prudence Pays Off - How to Protect Your Files)