LA college pays $28,000 ransom demand; new sophisticated Spora ransomware



Los Angeles Valley College (LAVC) is surely glad it had cybersecurity insurance as it was hit with ransomware on New Year’s Eve. It’s unclear how much of the $28,000 ransom will be recovered via insurance, but the college made the decision to pay.

A ransom note, left on one of the college’s servers, read:

You have 7 days to send us the BitCoin after 7 days we will remove your private keys and it’s impossible to recover your files

According to the college newspaper Valley Star, the ransom note also included step-by-step directions for how to purchase bitcoins and make the extortion payment, as well as a demo to test the decryption process. “Check our site, you can upload two encrypted files and we will decrypt your files as demo.”

Although the San Fernando Valley community college believes it was “randomly targeted,” the ransomware infection “disrupted many computers, online, email and voice mail systems.”

The decision to capitulate and pay came after the district consulted “outside cybersecurity experts and law enforcement.” LAVC president Dr. Erika Endrijonas explained (pdf), “It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost.”

Sure enough, the cyber thugs delivered a decryption key after the college coughed up the $28,000 ransom demand. The LA college described the “process to ‘unlock’ hundreds of thousands” of files as “a lengthy one,” but the “key has worked in every attempt that has been made.”

The attack probably forced the college to come up with a New Year’s resolution pertaining to backups. Rebuilding from backups is not instantaneous, but it beats having no backups at all.

When a Montana school district was hit with ransomware, Matt Jensen, superintendent of the 900-student Bigfork public schools, wasn’t thrilled with the prospect of rebuilding from backups; but at least it had some backups. The school’s network was backed up twice, so even though the on-site servers were compromised with ransomware, the off-site backup was not. He refused to pay. “We weren’t going to negotiate with them,” he said. There’s no guarantee the attackers will decrypt the data and paying “would only empower a criminal group.”

“Ransomware is a proven extortion method. We can expect new variants to continue entering our infrastructures in 2017 and more frequently,” said Michael Patterson, CEO of Plixer. He advised, “Security teams need to run fire drills on critical systems to determine how quickly they can return to normal business operations from backups vs. just paying the ransom and moving on. Companies need to be ready, as this threat is growing and our recourse options are very limited.”

New sophisticated Spora ransomware

Speaking of new ransomware variants, Emsisoft described a new ransomware, dubbed Spora, that is capable of working offline; it does not need to communicate with a command and control server to encrypt files.

Emsisoft wrote, “A couple of things immediately caught our attention: Firstly, the presentation and the interface itself have a professional, almost beautiful, look. Secondly, and unlike other ransomware, the ransom it asks for seemed comparatively low.”

A victim becomes infected by opening a zipped email attachment that contains an HTA file, which is an HTML application. If a user hasn’t enabled “show hidden files, folders and drives” in File Explorer options, then all he or she might see is something like Invoice.doc – entirely missing the real hidden extension of .HTA; in this example it could be Invoice.doc.hta.
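A check a mail gateway or analyst could run for the disguise described above, as an added example that is not from the original article: it lists a zip attachment's members, reports any whose real extension is .hta, and records the name a user would see with that extension hidden. The decoy extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Real payload extension named in the article; extend per local policy.
EXECUTABLE_EXTS = {".hta"}
# Assumed list of extensions a user would read as a harmless document.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}


def scan_zip_for_hidden_hta(zip_bytes):
    """Return one finding per archive member whose final extension is executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Win32 path handling drops trailing dots and spaces, so strip them first.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            path = PurePosixPath(name)
            real_ext = path.suffix.lower()
            if real_ext not in EXECUTABLE_EXTS:
                continue
            shown = path.stem  # file name with the last extension hidden
            findings.append({
                "member": info.filename,
                "displayed_as": shown,
                "real_extension": real_ext,
                # True when the visible name itself ends in a document extension.
                "double_extension": PurePosixPath(shown).suffix.lower() in DECOY_EXTS,
            })
    return findings


def build_sample_zip():
    """Constructed sample attachment; every member holds harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice.doc.hta", "placeholder")
        archive.writestr("docs/Report.PDF.HTA. ", "placeholder")
        archive.writestr("notes.txt", "placeholder")
        archive.writestr("tool.hta", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_for_hidden_hta(build_sample_zip()):
        print(finding)
```

Members flagged with `double_extension` set to true are the Invoice.doc.hta pattern; a plain .hta member is still reported because the real type is executable either way.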

After opening the zipped file, Word or WordP…
