Tuesday, May 21, 2019

RobinHood - Steal From Everyone and Keep It!

Hi Friends,

Got some news on a new ransomware making a name for itself. It doesn't appear to spread itself through spam, but researchers aren't really sure how it's spread yet. The one thing they do know is that it's pushed out to servers using a Domain Controller. The ransomware is named RobinHood, and unlike good Robin of Loxley, this ransomware doesn't take money from rich people and give it to the poor; it just takes money.

RobinHood is ransomware, which means that once it's kicked off, it goes to work encrypting your files. Yep, encrypting files is fine when you have the key to unlock them, but in this case you can only get the key if you've paid the ransom.

Think of it like this.  Some guy breaks into your house when you're at work.  He changes all the locks on the doors and when you come home he says, "Hey, I've locked up your house and you can't get in.  All of your things are still in the house and I'll give you the new key only if you give me $5000.  If you don't give me $5000 in a few days, you can come in, but all your stuff will be gone."  That would suck!

Ransomware has been declining due to Bitcoin losing a bunch of its value. In December of 2017 it was almost up to $20,000 per coin (yes, $20,000), but it quickly lost value in 2018. (https://en.wikipedia.org/wiki/History_of_bitcoin) For the first couple of months of 2019 it was around $3500-$4000 per Bitcoin. That's a heck of a loss!

Ah, but if you've taken a look at the price of Bitcoin lately, it's starting to creep up again. I checked today's prices and it's almost $8000 a coin, and as the price of cryptocurrency goes up, so does the prevalence of ransomware.

One of the first highly publicized instances of RobinHood was when it attacked the city of Greenville in North Carolina in April. (https://www.baltimoresun.com/news/maryland/politics/bs-md-ci-ransomware-attack-20190517-story.html) According to the article in the Baltimore Sun, 5 weeks after the April attack, the city was still recovering!

Can you imagine that? Shutting down a city for over a month! Now this isn't to say that Greenville was teleported back to the dark ages because their servers were locked up, but can you imagine the headache that this caused? Everything is being computerized!

Now shift gears to May, and another city is hit by RobinHood. This time Baltimore, Maryland was hit. Adding insult to injury, Baltimore was hit last year with malware that took down their 911 system. So I'm sure the city's IT folks, officials and citizens are less than happy.

Baltimore has decided not to pay the ransom and is rebuilding its servers as I write this article.

Can you imagine the huge pain in the behind this causes a city?  Now imagine this happening to a hospital!

It's a brave new world, folks, and things like this are becoming commonplace. You can't stop threat actors from attacking your city or your hospital (unless you're a security person working for your city or hospital), but you can educate yourself.

If you get a weird email about your accounts being locked or compromised or needing additional information, don't click on anything! If you're truly concerned, go to the actual company's website and log in from there.

Be careful out there!
Neil
