July 17, 2007 12:38 PM PDT

Ransom-based malware attacks specific companies

by Robert Vamosi

Various security companies are today reporting targeted attacks made on Fortune 1000 companies over the weekend. What's notable is that documents within each of the affected companies were stolen and encrypted, and the companies were then offered a decryption key for a fee. What's odd is that the amount requested as ransom was a mere $300.

Reuters reports companies hit by the attack include Booz Allen, Unisys, Hewlett-Packard and Hughes Network Systems. Security vendors report having identified hundreds more.

The attack works like this. Malware writers target a handful of companies, somehow manage to sneak their code past the corporate antivirus protection, then encrypt what the attackers consider to be significant documents. It's unclear whether the attackers have the information in the encrypted documents and are otherwise using it. The attackers then send the companies a note explaining that the document is locked with RSA-4096. The ransom aspect of this attack tends to disguise the fact that companies were compromised in the first place.

Analysis by antivirus vendor Kaspersky finds no trace of RSA-4096 and suggests a weaker form of encryption was used instead. Also, the initial malware used to harvest and encrypt the files has a self-termination date of July 17th, suggesting this was a test run for something larger. Perhaps that's why they're only demanding $300.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Maybe this is necessary
by qwerty75 July 17, 2007 1:57 PM PDT
In order to get companies and organizations to take security seriously.

Too many think that throwing security features at a network will save them.

Too many do not train ALL their employees in proper security practices, and enforce the rules.

And way too many think they are too small and insignificant to attract attention, so don't use anything more than the most rudimentary security practices, at best. These organizations get burned as often as the big boys.

I am not saying that this sort of thing is a positive thing, or that the attackers are acting in any sort of benevolent manner. But companies are always short-sighted and only look at profits today, they don't see the big picture especially if it is not a direct revenue generator.

They need to be hurt financially before they will take it seriously. It was the same way 100 years ago with low wages and low safety standards. They had to get hurt before they took proper moral and ethical actions. Businessmen are the only subspecies of humans that never evolve.
Or maybe it is not
by zboot July 17, 2007 6:11 PM PDT
Perhaps the company is too poor to afford full-fledged security measures. Maybe they're too busy trying to survive to waste time teaching the guy who is chief engineer/receptionist/janitor/salesperson how to avoid unintentionally leaking information to corporate spies. Perhaps they don't have any IT friends who are willing to work for free. Maybe they believe one shouldn't need to be uber huge, have oodles of technical competence, or some other thing that I'm not typing - in order to compete online.