#CyberFLASH: Carleton University says it didn’t pay hacker’s ransom after cyberattack


Carleton University confirms its IT network was attacked by ransomware — a type of computer virus that uses encryption to effectively hold files hostage in exchange for payment — but said it didn’t pay any ransom.

Systems are coming back online little by little after the problem appeared Tuesday morning, Roseann O’Reilly Runte told CBC News on Wednesday.

Classes are happening as regularly scheduled and Wi-Fi is available on campus, she said.

No ransom was paid, according to university spokesperson Don Cumming.

The university is expected to make a statement at 4 p.m. ET.

A graduate student at the university emailed CBC Tuesday to say the attackers asked for payment in bitcoin, a digital currency that is difficult to trace. According to a message he saw on a school computer, the attackers are asking for either two bitcoin per machine, or 39 bitcoin total to release the encrypted files — the latter equalling nearly $38,941 at today’s rate on the popular Bitcoin exchange Coinbase.

Students, employees warned Tuesday

On Tuesday morning, students and employees were warned that any Windows-based system accessible from the main network may have been compromised after an external group apparently attempted to hack the school’s IT network.

“To reduce traffic on the network, it is recommended that users refrain from using Microsoft Windows systems at the current time and shut down your computer,” the school warned in a message posted on its website and Facebook page.

On Wednesday, the university’s IT department said work is continuing to restore email services.

Read more here

#CyberFLASH: Carleton U warns students of hacker attack on IT network


Carleton University is warning students and employees after an external group apparently attempted to hack the school’s IT network.

The school warned that any system accessible from the main network that is Windows-based may have been compromised.

The school’s IT security unit is attempting to secure the network from further attacks.

“To reduce traffic on the network, it is recommended that users refrain from using Microsoft Windows systems at the current time and shut down your computer,” the school warned in a message posted on its website and its Facebook page.

Ransomware messages demand bitcoin payments

The school said people may see ransomware messages appear on their screens, demanding payments in bitcoins.

“Users are asked to ignore all messages seeking a payment and are encouraged to report these messages to the CCS Help Desk at ext. 3700 or ccs.service.desk@carleton.ca,” the school said in a statement.

David Kenyi, a volunteer at the International Students Service Office, said he got a push notification on his phone of the system shutdown.

Read more here

#CyberFLASH: Study finds dozens of Canadian firms have paid ransoms to regain control of data

TORONTO — A new report has revealed dozens of Canadian organizations were forced to pay attackers over the past year to regain access to computer files and IT systems infected with ransomware.

The finding is part of an international study conducted on behalf of a Silicon Valley company that fights ransomware, which typically locks legitimate users out of a system and sends a message requiring a payment to get a software code or key.

The Osterman Research study published by Malwarebytes found 44 of the 125 Canadian respondents, all of whom were anonymous, reported having a ransomware attack on their organization in the previous 12 months.

A majority of the victims, 33 of the respondents, said they’d paid ransoms with costs ranging from $1,000 to $50,000.

The study also found 11 of the 44 organizations targeted by ransomware had to shut down their business for a time to deal with the attack and devote an average of nine person-hours to recover.

Five of the victim respondents, all identified as working in the health-care industry, said they believed lives were at risk.

Read more here

#CyberFLASH: Saint John Development Corporation finds cyber attack damage

The Saint John Development Corporation says it’s working to restore an annual report that it lost to a cyber attack in early 2015.

“We lost a lot of our data,” said General Manager Kent MacIntyre. “We had some [Saint John] city IT people working with us to try to recover that but in the end, it wasn’t recovered.”

According to MacIntyre, sensitive information wasn’t compromised because it was being stored on city servers at the time.

He said the ransomware infected only the office laptops and he doesn’t know why they were hit at all.

“Ransomware isn’t always a targeted attack,” said David Shipley, a member of UNB’s cybersecurity team.

Shipley said organized criminals push out emails that contain malicious software that can scramble information, making it inaccessible without a key.

The perpetrators then demand money to restore the information.

Shipley said it must be paying off, because ransomware attacks have become a huge crime wave around the world.

UNB has seen a significant spike in activity.

A million viruses in a month

“In a typical month, we might receive 149,000 emails with malicious attachments or viruses in them,” said Shipley. “In March, we saw that number almost jump to a million.”

Read more here

#CyberFLASH: Ransomware: How do you avoid getting caught in the trap?

From universities and hospitals to small charities and businesses, criminals using ransomware aren’t picky about targets — as long as they pay.

Ransomware is the name given to software or computer viruses that spread by email attachments or compromised websites and encrypt the host computer’s files, holding them hostage until the perpetrators are paid.

So what can you do to avoid having your data held hostage? And if it happens, what can you do to protect yourself?

Avner Levin, the director of Ryerson University’s privacy and cyber crime institute, was on CBC Radio’s Ontario Today at 12 p.m. ET to discuss how ransomware works and how to avoid it.

He later took part in a live chat to answer questions about how to avoid having your computer or business held hostage by ransomware.

Read more here

#CyberFLASH: Ransomware attack on Red Deer College thwarted

“We were able to lock down the system within about five minutes,” said Jim Brinkhurst, vice-president of college services.

“As a result of the quick response, we did not lose any data.”

Post-secondary institutions, in particular, need to be prepared for these types of attacks, according to Chester Wisniewski, a senior security adviser with Sophos, a computer security firm based in Vancouver.

“I would actually be surprised if any significantly sized organizations — especially something like a university, which is rather difficult to put controls on compared to a company — hasn’t experienced some ransomware attacks, although obviously not usually as high of profile or as visibly as the ones at the University of Calgary,” he said.

The U of C revealed earlier this month it had paid $20,000 to hackers who infected university computers with ransomware, which encrypts valuable data and renders it useless to the owners unless they pay a fee to the attackers to decrypt it.

Wisniewski said most attacks come in the form of a fake email that tricks recipients into downloading an infected attachment. Lately, he said attackers have targeted Canadians with official-looking emails purporting to come from the Canada Revenue Agency.

He said other attacks rely on exploiting vulnerabilities in software, particularly Adobe Flash, to infect computers that visit websites controlled by hackers.

In Red Deer College’s case, Brinkhurst said the employee had downloaded an infected file, not through email, when she noticed her error and called for support.

Read more here

#CyberFLASH: Ransomware and mobile app collusion are the main cybersecurity threats of late: Intel Security

Ransomware, the Pinkslipbot Trojan, and mobile app collusion are the growing cybersecurity threats of note in the past quarter, according to Intel Security this week.

The issue of ransomware has been in the news lately — most recently at the University of Calgary. According to the Santa Clara, Calif.-based firm in its McAfee Labs Threats Report: June 2016, new ransomware samples rose 24 per cent this quarter.

The relatively low skill bar of entry for perpetrating ransomware attacks — it can be as easy as gaining access to an exploit kit to deploy the malware — has created a thriving underground cybercrime community, Intel Security said.

The backdoor W32/Pinkslipbot Trojan worm has also re-emerged as a security threat; first launched in 2007, the worm is capable of stealing sensitive information such as email passwords, signing certificates and financial information. Since December 2015, McAfee Labs has received more than 4,200 unique Pinkslipbot binaries, primarily in the United States, United Kingdom, and Canada, which ranks third in terms of infection share at 3.6 per cent.

App collusion

The term “mobile app collusion” refers to a scenario in which savvy cybercriminals manipulate two or more apps to instigate malicious attacks capable of exfiltrating user data, inspecting files, sending fake SMS messages, loading additional apps without user consent, and sending user location information to control servers, according to Intel Security.

Read more here

#CyberFLASH: University of Calgary paid $20K in ransomware attack

The University of Calgary paid a demanded $20,000 after a “ransomware” cyberattack on its computer systems.

The university announced the ransom payment Tuesday, a week after the initial attack.

“As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totalling about $20,000 Cdn that was demanded as part of this ransomware attack,” Linda Dalgetty, vice-president of finances and services, said in a release.

“A ransomware attack involves an unknown cyberattacker locking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided,” the release said.

“There is no indication that any personal or other university data was released to the public,” Dalgetty said.

University officials don’t know the source of the ransomware cyberattack, or if it was one person, a group, local or international. There had been one minor data breach at the school, but this attack was different because it encrypted the university’s email server.

“What we do know is that when we first identified the encryption, we did get a ransom note,” said Dalgetty at a news conference on Tuesday. “So that’s how we knew it was ransomware. And we also knew that it was likely someone external who had likely planted that ransomware,” she said.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.