{"id":15621,"date":"2019-06-25T20:46:59","date_gmt":"2019-06-26T04:46:59","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/06\/25\/news-9370\/"},"modified":"2019-06-25T20:46:59","modified_gmt":"2019-06-26T04:46:59","slug":"news-9370","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/06\/25\/news-9370\/","title":{"rendered":"Radiohead\u2019s ransom response shows novel approach for ransomware victims"},"content":{"rendered":"

Credit to Author: David Ruiz| Date: Thu, 20 Jun 2019 17:20:30 +0000<\/strong><\/p>\n

Last week, British rock band Radiohead thwarted an attempted digital ransom, in which unnamed hackers stole roughly 18 hours of unreleased music dating back to the band\u2019s recording of its studio album OK, Computer<\/em>, revealing some less-than-ok computer security (sorry). <\/p>\n

Instead of paying a ransom to keep the music secret, Radiohead released the files themselves, giving listeners a chance to stream the content for free, or download it for \u00a318<\/a>. All proceeds will go to the organized political group Extinction Rebellion, which fights to address climate change. <\/p>\n

As digital ransoms and straightforward ransomware attacks continue to plague companies, organizations, and entire cities<\/a>, a handful of victims, like Radiohead, are taking novel approaches, often refusing to pay. <\/p>\n

But these approaches work for few victims, said Bill Siegel, co-founder of CoveWare, which helps ransomware victims rebuild their databases and negotiate with ransomware hackers if necessary. <\/p>\n

\u201cI think what Radiohead did was an amazing thing, but the content they had was for public consumption to begin with, unlike a private company\u2019s data, which is never for public consumption,\u201d Siegel said. \u201cYou have to draw that distinction. Every case is unique.\u201d <\/p>\n

For everyone who isn’t Radiohead, fret not, as there are several other creative solutions when recovering from a ransomware attack. <\/p>\n

Ransoms, ransomware, and responses<\/strong><\/h3>\n

Ransomware attacks continue to threaten and destabilize small and large businesses, and, according to recent data from CoveWare<\/a>, the actual ransom amounts demanded are increasing dramatically. In the first quarter of 2019, CoveWare found that ransom amount demands increased 90 percent, with the average amount demanded after a Ryuk ransomware attack hitting $286,556. The average ransomware attack downtime is 7.3 days, and the average cost of that downtime is $64,645. <\/p>\n

For Radiohead, the band was told to pay $150,000 or risk having the 18 hours of stolen music released online. On June 11, Radiohead guitarist Jonny Greenwood announced the ransom attempt on Facebook<\/a>, along with the band’s subsequent ransom refusal. To read his words, the whole affair seemed tedious. <\/p>\n

\u201c[I]nstead of complaining\u2014much\u2014or ignoring it, we\u2019re releasing all 18 hours on Bandcamp in aid of Extinction Rebellion,\u201d wrote Greenwood. \u201cJust for the next 18 days. So for \u00a318 you can find out if we should have paid that ransom.\u201d<\/p>\n

The band\u2019s description of the recorded material is even more mundane: <\/p>\n

\n

\u201cit\u2019s not v interesting
there\u2019s a lot of it.\u201d <\/p>\n<\/blockquote>\n

(The Guardian gave it four out of five stars<\/a>.)<\/p>\n

Less than one week after Greenwood\u2019s announcement, another potential digital ransom victim refused to back down.<\/p>\n

On June 15, actress Bella Thorne told her followers on Twitter that, after a hacker attempted to blackmail her with stolen nude photos, she was going to post those photos herself<\/a>. <\/p>\n

“I’m putting this out because it’s my decision. Now you don\u2019t get to take yet another thing from me,\u201d Thorne wrote in a note posted on Twitter<\/a>. “I can sleep better knowing I took my power back. You can’t control my life, you never will.\u201d <\/p>\n

Thorne\u2019s response echoed another blackmail attempt that was shut down earlier this year by Amazon CEO Jeff Bezos<\/a>. Following the National Enquirer\u2019s expos\u00e9 into Bezos\u2019 affair with a television anchor, which revealed several surreptitiously-obtained private messages, Bezos hired a private investigator to look into how his private texts were leaked to the supermarket tabloid. Weeks into the investigation, Bezos said he was offered a proposition by the paper’s owner: Stop his investigation or suffer the publishing of more intimate details, including one \u201cbelow-the-belt selfie.\u201d<\/p>\n

Bezos did not buckle. Instead, he wrote on Medium<\/a> about his back-and-forth with the National Enquirer\u2019s owner, AMI. <\/p>\n

\u201cOf course I don\u2019t want personal photos published, but I also won\u2019t participate in [AMI\u2019s] well-known practice of blackmail, political favors, political attacks, and corruption,\u201d Bezos wrote. \u201cI prefer to stand up, roll this log over, and see what crawls out.\u201d<\/p>\n

Bezos, Thorne, and Radiohead all responded the same way\u2014they flipped the situation, turning themselves from victims into champions. <\/p>\n

\u201cI don\u2019t love @JeffBezos in general, but I LOVE Jeff Bezos in particular here,\u201d wrote Silicon Valley journalist Kara Swisher on Twitter<\/a>. <\/p>\n

\u201cBella Thorne steals hackers thunder,\u201d wrote one cybersecurity blog. <\/p>\n

\u201cRadiohead Just Took On Ransom Hackers\u2014And Won,\u201d read the headline for Forbes. <\/p>\n

Siegel said Radiohead\u2019s response \u201cdefused\u201d the situation. <\/p>\n

\u201cThat\u2019s an important word when it comes to public ransomware incidents,\u201d Siegel said. \u201cIt is the ability to control the narrative and defuse it. It makes a big difference in the perception of how it was handled.\u201d<\/p>\n

But when it comes to how organizations have responded to actual ransomware\u2014which is not the same as the above examples\u2014the publicized results have been less empowering. <\/p>\n

Ransomware attacks are unlike the threat made against Radiohead, making the responses to them potentially more complicated. Ransomware authors often target a large organization, deploying malware that encrypts all the files stored on a machine, leaving them indecipherable and completely useless unless decrypted. <\/p>\n

Ransomware attackers then give victims a choice: Pay up and get the decryption key, or, lose access to all your files forever. <\/p>\n

Recently, one ransomware victim chose the latter. <\/p>\n

In April, a two-surgeon medical practice in Michigan shut down early\u2014about one year before the doctors’ planned retirement\u2014after getting hit with a string of ransomware that locked all patient files behind a guarded decryption key. Medical records, bills, and patient appointments were all inaccessible after the attack. <\/p>\n

The two doctors decided against paying the demanded $6,500 ransom, because, according to an interview with the Star Tribune<\/a>, there was no guarantee the decryption key would work or that the ransomware wouldn\u2019t be deployed against them again. <\/p>\n

The lost appointment calendar led to one of the doctors staying in the office simply to cover all the upcoming\u2014but unviewable\u2014appointments. <\/p>\n

\u201cWe didn\u2019t even know who had an appointment in order to cancel them,\u201d one of the surgeons told the Star Tribune. \u201cSo what I did was just sort of sat in the office and saw whoever showed up. For the next couple of weeks.\u201d<\/p>\n

This outcome, Siegel said, is not desired. <\/p>\n

\u201cIt\u2019s not super responsible,\u201d Siegel said. \u201cThere are still patients who want their records, and they can\u2019t get them anymore.\u201d <\/p>\n

Another ransomware victim that failed to appropriately respond is the City of Baltimore. <\/p>\n

In early May, threat actors deployed the ransomware RobbinHood against 10,000 computers used by the City of Baltimore, locking city services into digital gridlock. As of June 5, only one third of the city\u2019s employees had received new logins<\/a>, and the process to obtain new credentials required in-person visits. Some email and phone services had been restored, city officials said, but much of the city\u2019s payment processes were still relegated to manual efforts. Residents\u2019 water bills would be higher in the future, said one official, because the smart meters could not accurately capture water usage for the past month. Parking tickets needed to be paid in person, with the physical ticket in hand. <\/p>\n

All accounted, the cost of the ransomware attack would hit $18 million, with $10 million devoted to cleanup and $8 million lost from downtime. The original ransom amount demanded was 13 Bitcoin, or about $116,000 today. <\/p>\n

\u201cIf you look at Baltimore, it\u2019s a case study of what not to do, across the board,\u201d Siegel said. \u201cIf you don\u2019t have a plan, and you make that very obvious, in public, you\u2019re just thrashing around.\u201d <\/p>\n

Turning panic into progress<\/strong><\/h3>\n

Two weeks ago, we gave users a rundown on how to prepare for a ransomware attack on their systems<\/a>. While useful, the guide focuses on preparation\u2014after all, the best way to protect against ransomware is to prevent it from happening in the first place. <\/p>\n

But what about the company that has already been hit with a ransomware attack? What about a mid-sized business that doesn\u2019t have the resources of the world\u2019s richest man (Bezos), the popularity of the band that made the often-named<\/a> most influential record<\/a> of the current millennium<\/a> (Radiohead), or the courage to post revealing information about themselves, detractors be damned (Thorne)? <\/p>\n

What options are left for businesses that can\u2019t shut down overnight, can\u2019t afford to spend $18 million on recovery, and still refuse to pay a ransom? <\/p>\n

There are many options, Siegel said. Further, these options are just as ingenuous as every example listed, just maybe not as flashy. <\/p>\n

\u201cIt\u2019s not as fun a story, but the practical reality of recovery in lieu of paying involves a lot of creativity,\u201d Siegel said. He said that, for CoveWare’s many clients, if there is ransom on the table to pay, \u201cour stance is, it\u2019s always the last resort.\u201d <\/p>\n

Immediately after a ransomware attack, Siegel said that company employees have three priorities in maintaining their business and limiting downtime: access to email, access to the Internet, and access to a file server to save and share their work. <\/p>\n

As a business ensures that its employees can actually work in the following days, it can also start by rebuilding the data that is currently locked by a ransomware attack. There are many methods, and most of them aren\u2019t high-tech. Instead, they\u2019re clever, Siegel said. <\/p>\n

\u201cWe\u2019ve seen before that everybody gets their laptops, we\u2019re talking 65 laptops in a room, and we start copying emails off of everybody\u2019s Outlook accounts, literally to start rebuilding,\u201d Siegel said. He said he has also seen employees going through all their email inboxes and outboxes and copying attached documents that were sent and received. <\/p>\n

\u201cIt\u2019s amazing where you can find copies of data,\u201d Siegel said. <\/p>\n

While the rebuilding process is happening, companies can also discuss the actual cost of paying a ransom or getting help to rebuild internal databases. For example, Siegel said, if a company has lost its QuickBook files through a ransomware attack, it can determine whether it makes more sense to spend, say $10,000 to $20,000 hiring local contractors to rebuild a database of invoices and accounts payable, rather than paying $100,000 for a ransom. Plus, Siegel said, a rebuilt database is a guarantee, whereas a paid ransom is not\u2014according to CoveWare data, 96 percent of paid ransoms are honored. <\/p>\n

The decision to pay off a ransom isn\u2019t just economical, Siegel said. It\u2019s also moral. <\/p>\n

Siegel mentioned a client he spoke to who was hit with ransomware. The client\u2019s insurance policy was going to cover the recovery cost (which is not always a guarantee<\/a>), but the client was considering hiring contractors and local vendors to help rebuild his company\u2019s database rather than paying the ransom. The cost to rebuild, Siegel said, would be about $300,000 to $400,000 for the client. <\/p>\n

\u201cThe client said \u2018Granted, it might take a month [to rebuild], versus paying [the ransom], which takes a day, but I\u2019m going to put that money back into the local economy, hiring contractors and vendors, rather than shipping it over to criminals,\u2019\u201d Siegel said. <\/p>\n

Paying a ransom is a last resort for many ransomware victims. But that doesn\u2019t mean victims have to be completely undone by an attack. Instead, they can turn the tables, rebuilding from scratch, or doing their part to keep money out of criminals\u2019 hands. Or, in the extremely unique case of Radiohead\u2019s digital ransom, creating a revenue stream that never would have existed, and delivering that money straight to a social cause. <\/p>\n

Perhaps the band was prophetic in 16 years ago naming its sixth studio album: Hail to the Thief. <\/em>But in the case of businesses and celebrities who refuse to pay the ransom, it’s more like Fail to the Thief.<\/p>\n

The post Radiohead\u2019s ransom response shows novel approach for ransomware victims<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: David Ruiz| Date: Thu, 20 Jun 2019 17:20:30 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
Last week, British rock bank Radiohead thwarted an attempted digital ransom, in which unnamed hackers stole roughly 18 hours of unreleased music dating back to the band\u2019s recording of its studio album OK, Computer, revealing some less-than-ok computer security (sorry). <\/p>\n

Categories: <\/p>\n