If the ransomware doesn’t get you, the DDoS might (UPDATE4)
Extortionists are busier than ever. This past week saw more reports on ransomware that corrupts files even if you pay the ransom, and DDoS attacks so powerful that usual defenses may be inadequate.
Brian Krebs reports:
One of the more common and destructive computer crimes to emerge over the past few years involves ransomware — malicious code that quietly scrambles all of the infected user’s documents and files with very strong encryption. A ransom, to be paid in Bitcoin, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site’s files, pages and images for ransom.
Read more on KrebsOnSecurity.com, where Brian also includes some info on backing up your system. One of the things he reports – and I’ve seen this elsewhere as well – is that with the new ransomware, even when you are eventually able to decrypt your files (assuming you pay the ransom), some of the files come out corrupted by the ransomware’s own decryption routine. TheHackerNews also has more on the Linux ransomware Brian discusses.
Besides the ransomware threat this week, I am also seeing more about companies paying extortion demands to avoid massive DDoS attacks that are taking down web sites. A few days after ProtonMail announced that it had paid the extortion demands at the urging of its web host and other companies affected by the massive attack, a tweet from @CocaineSecurity suggested that Swedbank had paid an extortion demand to stop a DDoS attack. In a tweet on November 7, @CocaineSecurity wrote:
Thanks for the bitcoins! @Swedbank Nobody will now touch your website.
— CocaineSecurity (@CocaineSecurity) November 7, 2015
As of the time of this posting, there’s been no statement from Swedbank either confirming or denying the claim that they paid the extortion demand.
Update: Swedbank just responded to my tweeted inquiry about this by replying that they have not paid any ransom demand and have reported the individual to the police.
@CocaineSecurity quickly responded with its own tweet:
“@PogoWasRight @Swedbank Wanna go down again? We do bite”
Update2: Not all are DDoS attacks, it seems.
Update3: Paying the ransom didn’t work. See “ProtonMail DDoS wipeout: Day 6. Yes, we’re still under attack.”