Business Security

The state of ransomware reaches new heights ... and more news on Facebook

Avast Security News Team, 29 March 2018

Ransomware locks up Atlanta and Boeing while social media cranks up the privacy settings.

Atlanta suffers massive ransomware attack

The city courtrooms are dark. The airport no longer has Wi-Fi. Residents cannot pay bills online. And city employees are keeping city hall functionally active with only pen and paper.

“We are dealing with a hostage situation,” states Atlanta mayor Keisha Lance Bottoms.

It’s been one week since the hacker group SamSam has abducted the city’s data, locking it up behind impregnable encryption and demanding a ransom of six bitcoins (about $51,000) to release it.

SamSam has a recent history of attacking civil institutions that can’t afford to be offline for the period of time it would take to restore and recover. By strategically targeting hospitals, universities, and various civil services, the cybercriminals are tempting city officials to pay the not-exorbitant ransom in order to restore normalcy as quickly as possible.

Mayor Bottoms reports that paying the ransom is not out of the question for Atlanta. The funny thing is, however, that the payment portal has been taken down. Once the link to the cybercriminals’ bitcoin wallet was leaked from city hall, the attackers were swarmed with emails, questions, and comments. At first, they announced they would respond if more money was paid, but then they quickly took down the portal, citing too much spam.

It is unknown at this time if another portal was set up between the crooks and city hall, and if Mayor Bottoms is going to give in to their demands, but one thing is certain – fortifying the city’s digital defenses has moved up on the priority list. “It certainly has gone to the front of the line,” the mayor confirms.    

Ransomware makes Boeing “WannaCry”

On Wednesday this week, aircraft manufacturing company Boeing was hit with a ransomware attack that some executives have identified as the WannaCry strain.

WannaCry is a specific kind of ransomware based on software developed by the NSA. Last year, WannaCry devastated thousands upon thousands of users across 70 countries. The malware works by exploiting a vulnerability in older, non-updated Microsoft Windows systems.

Boeing has released a statement playing down the attack, calling claims of the malware disruption “overstated and inaccurate” and reporting that their internal cybersecurity “detected a limited intrusion of malware that affected a small number of systems.”

WannaCry was defeated last year when patches were developed to cover the Windows vulnerability. Boeing is not officially stating that this attack was that same WannaCry strain, a more advanced strain, or possibly not WannaCry at all, however as Avast Threat Labs reports, “It should act as a timely reminder to everyone that the threat, which caused mass disruption 10 months ago, still exists. This month, we blocked 1.7m WannaCry attacks on our users in Indonesia, 1.2m in India and 1.1m in Brazil. Both businesses and consumers around the world need to be alert and urgently patch their vulnerabilities.”

Facebook centralizes privacy controls

In the face of recent public outcry over the compromised data of 50 million Facebook users, the social media giant announced this week that new privacy controls are in the works. A new page will centralize all privacy preferences, which in current Facebook settings are spread across a couple dozen miscellaneous pages.

Facebook says its users will more easily see and understand what data they’re sharing with apps and other users. In addition, the company promises to stop allowing targeted ads that use info from third-party data brokers. This is a big step, as it’s common industry practice, but Facebook executives feel it will go a long way to improving users’ privacy.

CEO Mark Zuckerberg is set to appear on Capitol Hill next week to publicly testify before the Senate on the company’s data and privacy practices.