A New Form Of Ransomware – Nukeware

There are numerous stories in the media regarding ransomware.

Hollywood Presbyterian Medical Center was operating with pen and pencil for 10 days last February when they were hit with a ransomware attack.  They paid the attackers 40 bitcoins and got access to their data back.

In March, the Medstar healthcare chain in the Washington DC area, an organization that runs several hundred hospitals and clinics, “took systems offline” to stop malware from spreading.  While they have been very quiet as to what exactly happened, sources have confirmed that it was a ransomware attack.  What we don’t know is whether they paid a ransom or not.

But, as with all con games, the game may have morphed some.

In the nukeware scenario, the con artists have figured out that they can just delete your files and pop up a screen that says pay them and some people will pay.  This is a whole lot easier than writing software that encrypts and decrypts your data and tracks your payments and manages all that.

Instead, they just delete your files and put up a screen on your computer that looks like this:


These attackers only ask for 0.2 bitcoins or about a hundred bucks, more or less, and if you pay them, you get a message that the payment failed.  Of course the payment actually succeeded, but maybe some people will pay them twice.

Since they have deleted your files and done other things to your computer like disabling safe more and shadow copies, it is difficult to recover from the attack.  And, since they have deleted your data, you are not gonna get it back.

Some of us have been saying that paying a ransom is always dangerous since you never know if you are going to get your data back.

In this case, even if you pay the ransom, you will not get your files back because they were not encrypted but rather, deleted.

Here is another scenario:  what if the next morph is for hackers to take the data and send it to the hacker somewhere.  Then the hackers could use the data as they saw fit.

The HIPAA rules already say that you must assume that in a ransomware attack that the data was accessed.

The challenge with malware is that it can change instantly.  We have to be able to respond just as quickly.

The information for this post came from The Register.

Leave a Reply

Your email address will not be published.