Ransomware is insidious software that is designed to block access to a computer system until a certain amount of ransom is paid, usually in bitcoins, a digital currency that is transferred without the need of a central bank.
The infection usually comes in the form of an email containing an invoice or a shipment notification with a link attached. Once the recipient clicks on the link, their files are almost immediately locked.
Ransomware attacks are nothing new. In fact, they have been going on for years with the first known attack taking place in 1989.
In 2014, several Apple users, most of them located in Australia, were affected by the malware, and more than 225,000 iPhone users had their Apple accounts stolen in 2015.
Palo Alto Networks named this “the largest known Apple account theft caused by malware.” The malware was only able infect jailbroken iPhones due to the phone’s file systems becoming unrestricted.
In recent years, more and more companies and institutions have fallen victim to these computer system hacks. According to a 2014 report by Symantec, an antivirus software company, ransomware attacks went from 100,000 in January 2013 to 600,000 by December of that same year.
Within the last month, 14 hospitals were hit, along with a café in Maryland, and Apple Inc’s Mac computers. Fortunately, most of them were able to stop the attack before it retrieved all of their files.
Hollywood Presbyterian Medical Center, which first noticed the attack on February 5th, was not so lucky. The medical center ended up paying $17,000 worth of bitcoins to hackers in order to regain control of their computer system.
Ryan Kalembar, senior vice president for cybersecurity strategy at Proofpoint, told CBS news that medical records are extremely valuable on the black market, potentially more valuable than an individual’s credit card information or identity. If hackers start to observe their target’s data before encrypting it, they may be able to identify, not only what kind of data it is, but also to whom it belongs to. This would not only raise ransom demands, but also enable hackers to decode and sell the data.
The newest ransomware that is being used is known as MSIL/Samas.A. This malware is able to encrypt the data of entire networks rather than one computer at a time.
The FBI has asked businesses and software security experts for help in its investigation of this newly developed malware.