The Jim Bakker Show

Patriotic Russians may have staged cyber attacks on own initiative: Putin

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture

ST PETERSBURG, Russia (Reuters) – President Vladimir Putin said on Thursday that patriotic Russian hackers may have staged cyber attacks against countries that had strained relations with Moscow on their own initiative, but said the Russian state had never been involved in such hacking.

Putin, speaking to international media at an economic forum in St Petersburg, was answering a question about allegations Moscow might try to interfere in this year’s German elections.

Moscow’s attitude toward cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the White House, something Russia has flatly denied.

“If they (hackers) are patriotically-minded, they start to make their own contribution to what they believe is the good fight against those who speak badly about Russia. Is that possible? Theoretically it is possible,” said Putin.

Likening hackers to free-spirited artists acting according to their moods, he said cyber attacks could be made to look like they had come from Russia when they had not.

Putin also said he was personally convinced that hackers could not materially alter election campaigns in Europe, America or elsewhere.

“On a state level we haven’t been involved in this (hacking), we aren’t planning to be involved in it. Quite the opposite, we are trying to combat it inside our country,” said Putin.

(Reporting by Denis Pinchuk; Writing by Alexander Winning; Editing by Andrew Osborn)

Chipotle says hackers hit most restaurants in data breach

Signage for a Chipotle Mexican Grill is seen in Los Angeles, California, United States, April 25, 2016. REUTERS/Lucy Nicholson/File Photo

By Lisa Baertlein

(Reuters) – Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill Inc’s <CMG.N> restaurants over a span of three weeks, the company said on Friday, adding to woes at the chain whose sales had just started recovering from a string of food safety lapses in 2015.

Chipotle said it did not know how many payment cards or customers were affected by the breach that struck most of its roughly 2,250 restaurants for varying amounts of time between March 24 and April 18, spokesman Chris Arnold said via email.

A handful of Canadian restaurants were also hit in the breach, which the company first disclosed on April 25.

Stolen data included account numbers and internal verification codes. The malware has since been removed.

The information could be used to drain debit card-linked bank accounts, make “clone” credit cards, or to buy items on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the non-profit Privacy Rights Clearinghouse.

The breach could once again threatens sales at its restaurants, which only recently recovered after falling sharply in late 2015 after Chipotle was linked to outbreaks of E. coli, salmonella and norovirus that sickened hundreds of people.

An investigation into the breach found the malware searched for data from the magnetic stripe of payment cards.

Arnold said Chipotle could not alert customers directly as it did not collect their names and mailing addresses at the time of purchase.

The company posted notifications on the Chipotle and Pizzeria Locale websites and issued a news release to make customers aware of the incident.

Linn Freedman, an attorney at Robinson & Cole LLP specializing in data breach response, said Chipotle was putting the burden on the consumer to discover possible fraudulent transactions by notifying them through the websites.

“I don’t think you will get to all of the customers who might have been affected,” she said.

Security analysts said Chipotle would likely face a fine based on the size of the breach and the number of records compromised.

“If your data was stolen through a data breach that means you were somewhere out of compliance” with payment industry data security standards, Julie Conroy, research director at Aite Group, a research and advisory firm.

“In this case, the card companies will fine Chipotle and also hold them liable for any fraud that results directly from their breach,” said Avivah Litan, a vice president at Gartner Inc <IT.N> specializing in security and privacy.

Chipotle did not immediately comment on the prospect of a fine.

Retailer Target Corp <TGT.N> in 2017 agreed to pay $18.5 million to settle claims stemming from a massive data breach in late 2013.

Hotels and restaurants have also been hit. They include Trump Hotels, InterContinental Hotels Group <IHG.L> as well as Wendy’s <WEN.O>, Arby’s and Landry’s restaurants.

Shares in Chipotle Mexican Grill ended marginally lower at $480.15 on Friday following the announcement.

(Additional reporting by Natalie Grover and Siddharth Cavale in Bengaluru and Tom Polansek and Nandita Bose in Chicago; Editing by Grant McCool and Lisa Shumaker)

Newly discovered vulnerability raises fears of another WannaCry

FILE PHOTO: A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

SINGAPORE (Reuters) – A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that caused by WannaCry, which infected more than 300,000 computers worldwide, cybersecurity researchers said on Thursday.

The U.S. Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch.

Rebekah Brown of Rapid7, a cybersecurity company, told Reuters that there were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced.

But she said it had taken researchers only 15 minutes to develop malware that made use of the hole. “This one seems to be very, very easy to exploit,” she said.

Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers. There are likely to be many more, it said in response to emailed questions.

Most of the computers found are running older versions of the software and cannot be patched, said Brown.

Some of the computers appear to belong to organizations and companies, she said, but most were home users.

The vulnerability could potentially be used to create a worm like the one which allowed WannaCry to spread so quickly, Brown said, but that would require an extra step for the attacker.

Cybersecurity researchers have said they believe North Korean hackers were behind the WannaCry malware, which encrypted data on victims’ computers and demanded bitcoin in return for a decryption key.

(Reporting and writing By Jeremy Wagstaff; Editing by Michael Perry)

Hackers hit Russian bank customers, planned international cyber raids

By Jack Stubbs

MOSCOW (Reuters) – Russian cyber criminals used malware planted on Android mobile devices to steal from domestic bank customers and were planning to target European lenders before their arrest, investigators and sources with knowledge of the case told Reuters.

Their campaign raised a relatively small sum by cyber-crime standards – more than 50 million roubles ($892,000) – but they had also obtained more sophisticated malicious software for a modest monthly fee to go after the clients of banks in France and possibly a range of other western nations.

Russia’s relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers.

The Kremlin has repeatedly denied the allegation.

The gang members tricked the Russian banks’ customers into downloading malware via fake mobile banking applications, as well as via pornography and e-commerce programs, according to a report compiled by cyber security firm Group-IB which investigated the attack with the Russian Interior Ministry.

The criminals – 16 suspects were arrested by Russian law enforcement authorities in November last year – infected more than a million smartphones in Russia, on average compromising 3,500 devices a day, Group-IB said.

The hackers targeted customers of state lender Sberbank <SBER.MM>, and also stole money from accounts at Alfa Bank and online payments company Qiwi <QIWI.O>, exploiting weaknesses in the companies’ SMS text message transfer services, said two people with direct knowledge of the case.

Although operating only in Russia before their arrest, they had developed plans to target large European banks including French lenders Credit Agricole <CAGR.PA>, BNP Paribas <BNPP.PA> and Societe Generale <SOGN.PA>, Group-IB said.

A BNP Paribas spokeswoman said the bank could not confirm this information, but added that it “has a significant set of measures in place aimed at fighting cyber attacks on a daily basis”. Societe Generale and Credit Agricole declined comment.

The gang, which was called “Cron” after the malware it used, did not steal any funds from customers of the three French banks. However, it exploited the bank service in Russia that allows users to transfer small sums to other accounts by sending an SMS message.

Having infected the users’ phones, the gang sent SMS messages from those devices instructing the banks to transfer money to the hackers’ own accounts.

The findings illustrate the dangers of using SMS messages for mobile banking, a method favored in emerging countries with less advanced internet infrastructure, said Lukas Stefanko, a malware researcher at cyber security firm ESET in Slovakia.

“It’s becoming popular among developing nations or in the countryside where access to conventional banking is difficult for people,” he said. “For them it is quick, easy and they don’t need to visit a bank… But security always has to outweigh consumer convenience.”

CYBER CRIMINALS

The Russian Interior Ministry said a number of people had been arrested, including what it described as the gang leader. This was a 30-year-old man living in Ivanovo, an industrial city 300 km (185 miles) northeast of Moscow, from where he had commanded a team of 20 people across six different regions.

Four people remain in detention while the others are under house arrest, the ministry said in a statement.

“In the course of 20 searches across six regions, police seized computers, hundreds of bank cards and SIM cards registered under fake names,” it said.

Group-IB said the existence of the Cron malware was first detected in mid-2015, and by the time of the arrests the hackers had been using it for under a year.

The core members of the group were detained on Nov. 22 last year in Ivanovo. Photographs of the operation released by Group-IB showed one suspect face down in the snow as police in ski masks handcuffed him.

The “Cron” hackers were arrested before they could mount attacks outside Russia, but plans to do that were at an advanced stage, said the investigators.

Group-IB said that in June 2016 they had rented a piece of malware designed to attack mobile banking systems, called “Tiny.z” for $2,000 a month. The creators of the “Tiny.z” malware had adapted it to attack banks in Britain, Germany, France, the United States and Turkey, among other countries.

The “Cron” gang developed software designed to attack lenders including the three French groups, it said, adding it had notified these and other European banks at risk.

A spokeswoman for Sberbank said she had no information about the group involved. However, she said: “Several groups of cyber criminals are working against Sberbank. The number of groups and the methods they use to attack us change constantly.”

“It isn’t clear which specific group is being referred to here because the fraudulent scheme involving Android OS (operating system) viruses is widespread in Russia and Sberbank has effectively combated it for an extensive period of time.”

Alfa Bank did not provide a comment. Qiwi did not respond to multiple requests for comment.

Google <GOOGL.O>, the maker of Android, has taken steps in recent years to protect users from downloading malicious code and by blocking apps which are insecure, impersonate legitimate companies or engage in deceptive behaviors.

A Google spokesman said: “We’ve tracked this malware family for several years and will continue to take action on its variants to protect our users.”

FAKE MOBILE APPS

The Russian authorities, bombarded with allegations of state-sponsored hacking, are keen to show Russia too is a frequent victim of cyber crime and that they are working hard to combat it. The interior and emergencies ministries, as well as Sberbank, said they were targeted in a global cyberattack earlier this month.

Since the allegations about the U.S. election hacking, further evidence has emerged of what some Western officials say is a symbiotic relationship between cyber criminals and Russian authorities, with hackers allowed to attack foreign targets with impunity in return for cooperating with the security services while Moscow clamps down on those operating at home.

The success of the Cron gang was facilitated by the popularity of SMS-banking services in Russia, said Dmitry Volkov, head of investigations at Group-IB.

The gang got their malware on to victims’ devices by setting up applications designed to mimic banks’ genuine apps. When users searched online, the results would suggest the fake app, which they would then download. The hackers also inserted malware into fake mobile apps for well-known pornography sites.

After infecting a customer’s phone, the hackers were able to send a text message to the bank initiating a transfer of up to $120 to one of 6,000 bank accounts set up to receive the fraudulent payments.

The malware would then intercept a confirmation code sent by the bank and block the victim from receiving a message notifying them about the transaction.

“Cron’s success was due to two main factors,” Volkov said. “First, the large-scale use of partner programs to distribute the malware in different ways. Second, the automation of many (mobile) functions which allowed them to carry out the thefts without direct involvement.”

($1 = 56.0418 roubles)

(The story is refiled to fix typo in spelling of Societe Generale)

(Additional reporting by Maya Nikolaeva in Paris and Eric Auchard in Frankfurt; Editing by Christian Lowe and David Stamp)

Exclusive: Hackers hit Russian bank customers, planned international cyber raids

FILE PHOTO: SIM cards are reflected on a monitor showing binary digits in this picture illustration taken

By Jack Stubbs

The Kremlin has repeatedly denied the allegation.

The hackers targeted customers of state lender Sberbank, and also stole money from accounts at Alfa Bank and online payments company Qiwi, exploiting weaknesses in the companies’ SMS text message transfer services, said two people with direct knowledge of the case.

Although operating only in Russia before their arrest, they had developed plans to target large European banks including French lenders Credit Agricole, BNP Paribas and Societe General, Group-IB said.

Having infected the users’ phones, the gang sent SMS messages from those devices instructing the banks to transfer money to the hackers’ own accounts.

CYBER CRIMINALS

Four people remain in detention while the others are under house arrest, the ministry said in a statement.

“In the course of 20 searches across six regions, police seized computers, hundreds of bank cards and SIM cards registered under fake names,” it said.

Group-IB said the existence of the Cron malware was first detected in mid-2015, and by the time of the arrests the hackers had been using it for under a year.

The “Cron” hackers were arrested before they could mount attacks outside Russia, but plans to do that were at an advanced stage, said the investigators.

The “Cron” gang developed software designed to attack lenders including the three French groups, it said, adding it had notified these and other European banks at risk.

Alfa Bank did not provide a comment. Qiwi did not respond to multiple requests for comment.

Google, the maker of Android, has taken steps in recent years to protect users from downloading malicious code and by blocking apps which are insecure, impersonate legitimate companies or engage in deceptive behaviors.

A Google spokesman said: “We’ve tracked this malware family for several years and will continue to take action on its variants to protect our users.”

FAKE MOBILE APPS

The success of the Cron gang was facilitated by the popularity of SMS-banking services in Russia, said Dmitry Volkov, head of investigations at Group-IB.

The malware would then intercept a confirmation code sent by the bank and block the victim from receiving a message notifying them about the transaction.

($1 = 56.0418 roubles)

(Additional reporting by Maya Nikolaeva in Paris and Eric Auchard in Frankfurt; Editing by Christian Lowe and David Stamp)

Hackers mint crypto-currency with technique in global ‘ransomware’ attack

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Joseph Menn

SAN FRANCISCO (Reuters) – A computer virus that exploits the same vulnerability as the global “ransomware” attack has latched on to more than 200,000 computers and begun manufacturing digital currency, experts said Tuesday.

The development adds to the dangers exposed by the WannaCry ransomware and provides another piece of evidence that a North Korea-linked hacking group may be behind the attacks.

WannaCry, developed in part with hacking techniques that were either stolen or leaked from the U.S. National Security Agency, has infected more than 300,000 computers since Friday, locking up their data and demanding a ransom payment to release it.

Researchers at security firm Proofpoint said the related attack, which installs a currency “miner” that generates digital cash, began infecting machines in late April or early May but had not been previously discovered because it allows computers to operate while creating the digital cash in the background.

Proofpoint executive Ryan Kalember said the authors may have earned more than $1 million, far more than has been generated by the WannaCry attack.

Like WannaCry, the program attacks via a flaw in Microsoft Corp’s <MSFT.O> Windows software. That hole has been patched in newer versions of Windows, though not all companies and individuals have installed the patches.

Digital currencies based on a technology known as blockchain operate by enabling the creation of new currency in exchange for solving complex math problems. Digital “miners” run specially configured computers to solve the problems and generate currency, whose value ultimate fluctuates according to market demand.

Bitcoin is by far the largest such currency, but the new mining program is not aimed at Bitcoin. Rather it targeted a newer digital currency, called Monero, that experts say has been pursued recently by North Korean-linked hackers.

North Korea has attracted attention in the WannaCry case for a number of reasons, including the fact that early versions of the WannaCry code used some programming lines that had previously been spotted in attacks by Lazarus Group, a hacking group associated with North Korea.

Security researchers and U.S. intelligence officials have cautioned that such evidence is not conclusive, and the investigation is in its early stages.

In early April, security firm Kaspersky Lab said that a wing of Lazarus devoted to financial gain had installed software to mine Monero on a server in Europe.

A new campaign to mine the same currency, using the same Windows weakness as WannaCry, could be coincidence, or it could suggest that North Korea was responsible for both the ransomware and the currency mining.

Kalember said he believes the similarities in the European case, WannaCry and the miner were “more than coincidence.”

“It’s a really strong overlap,” he said. “It’s not like you see Monero miners all over the world.”

The North Korean mission to the United Nations could not be reached for comment, while the FBI declined to comment.

(Fixes spelling of digital currency in paragraphs 11 and 14 to Monero not Moreno.)

(Reporting by Joseph Menn; Editing by Jonathan Weber and Cynthia Osterman)

Cyber attack eases, hacking group threatens to sell code

Hardwares used for Cybersecurity are displayed at the desk of Security Platform during the TechCrunch Disrupt event in Manhattan, in New York City, NY, U.S. May 15, 2017. REUTERS/Eduardo Munoz

By Dustin Volz

WASHINGTON (Reuters) – Governments turned their attention to a possible new wave of cyber threats on Tuesday after the group that leaked U.S. hacking tools used to launch the global WannaCry “ransomware” attack warned it would release more malicious code.

The fast-spreading cyber extortion campaign, which has infected more than 300,000 computers worldwide since Friday, eased for second day on Tuesday, but the identity and motive of its creators remain unknown.

The attack includes elements that belong to the U.S. National Security Agency and were leaked online last month.

Shadow Brokers, the group that has taken credit for that leak, threatened on Tuesday to release more recent code to enable hackers to break into the world’s most widely used computers, software and phones.

A blog post written by the group promised from June to release tools every month to anyone willing to pay for access to some of the tech world’s biggest commercial secrets.

It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. “More details in June,” it promised.

The spread of the WannaCry attack – which encrypts a user’s data and demands a “ransom” be paid electronically to free it up again – slowed to a trickle on Tuesday, with few, isolated examples being reported.

In Canada, the Universite de Montreal was hit, with 120 of the French-language university’s 8,300 computers affected, according to a university spokeswoman.

There were no new, major incidents in the United States. Fewer than 10 U.S. organizations have reported attacks to the Department of Homeland Security since Friday, a U.S. official told reporters on Tuesday.

The attack has caused most damage in Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.

The United States likely avoided greater harm as the attack targeted older versions of Microsoft Corp’s <MSFT.O> Windows operating system, and more U.S. users have licensed, up-to-date, patched versions of the software, compared to other regions of the world.

The Department of Homeland Security began an “aggressive awareness campaign” to alert the tech industry to the importance of installing the patch that Microsoft issued in March that protected users from the vulnerability exploited by the attack, a U.S. official working on the attack told Reuters.

Microsoft said on Tuesday it was aware of Shadow Brokers’ most recent claim and that its security teams monitor potential threats in order to “help us prioritize and take appropriate action.”

Microsoft President and Chief Legal Officer Brad Smith said earlier this week the WannaCry attack used elements stolen from the NSA. The U.S. government has not commented directly on the matter.

NORTH KOREA LINK PROBED

Cyber security researchers around the world have said they have found evidence that could link North Korea with the WannaCry cyber attack.

A researcher from South Korea’s Hauri Labs said on Tuesday their own findings matched those of Symantec <SYMC.O> and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.

“It is similar to North Korea’s backdoor malicious codes,” said Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea’s hacking capabilities and advises South Korean police and National Intelligence Service.

Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta.

FireEye Inc <FEYE.O>, another large cyber security firm, said it was also investigating, but it was cautious about drawing a link to North Korea.

“The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator,” FireEye researcher John Miller said.

U.S. and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.

North Korea has denied being behind the Sony and banking attacks. North Korean officials were not immediately available for comment and its state media has been quiet about the matter.

NO INFORMATION TO SHARE

In China, foreign ministry spokeswoman Hua Chunying said she had no information to share, when asked about the origin of the attack and whether North Korea might be connected.

Several Asian countries have been affected by the malware, although the impact has not been as widespread as some had feared.

In Malaysia, cyber security firm LE Global Services said it identified 12 cases so far, including a large government-linked corporation, a government-linked investment firm and an insurance company. It did not name any of the entities.

“We may not see the real picture yet, as companies are not mandated to disclose security breaches to authorities in Malaysia,” said LE Global CEO Fong Choong Fook.

“The real situation may be serious. In one of the cases, the attack was traced back to early April.”

Vietnam’s state media said on Tuesday more than 200 computers had been affected, but one of the country’s leading anti virus companies, Bkav, later put the figure at 1,900.

Taiwan Power Co. <TAIWP.UL> said that nearly 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.

(Additional reporting by Eric Auchard in Frankfurt, Julia Edwards Ainsley in Washington, Jim Finkle in Toronto, Allison Lampert in Montreal, Jess Macy Yu in Taipei, My Pham and Mai Nguyen in Hanoi, Ju-min Park in Seoul, Michael Martina in Beijing and Liz Lee in Kuala Lumpur,; Writing by Jeremy Wagstaff in Singapore and Bill Rigby in New York; Editing by Sam Holmes)

British hospitals, Spanish firms among targets of huge cyberattack

An ambulance waits outside the emergency department at St Thomas' Hospital in central London, Britain May 12, 2017. REUTERS/Stefan Wermuth

By Costas Pitas and Carlos Ruano

LONDON/MADRID (Reuters) – A huge cyberattack brought disruption to Britain’s health system on Friday and infected many Spanish companies with malicious software, and security researchers said a dozen other countries may be affected.

Hospitals and doctors’ surgeries in parts of England were forced to turn away patients and cancel appointments. People in affected areas were being advised to seek medical care only in emergencies.

“We are experiencing a major IT disruption and there are delays at all of our hospitals,” said the Barts Health group, which manages major London hospitals. Routine appointments had been canceled and ambulances were being diverted to neighboring hospitals.

Telecommunications giant Telefonica was among the targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services.

Authorities in both countries said the attack was conducted using ‘ransomware’ – malicious software that infects machines, locks them up by encrypting data and demands a ransom to restore access. They identified the type of malware as ‘Wanna Cry’, also known as ‘Wanna Decryptor’.

A Telefonica spokesman said a window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files.

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement. Still, the news prompted security teams at large financial services firms and businesses around the world to review their plans for defending against ransomware attacks, according to executives with private cyber security firms.

A spokeswoman for Portugal Telecom said: “We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services were affected.”

British based cyber researcher Chris Doman of AlienVault said the ransomware “looks to be targeting a wide range of countries”, with preliminary evidence of infections from 14 countries so far, also including Russia, Indonesia and Ukraine.

PM BRIEFED

A spokesman for British Prime Minister Theresa May said she was being kept informed of the incident, which came less than four weeks before a parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year’s U.S. election and on the eve of this month’s presidential vote in France.

But those attacks – blamed on Russia, which has repeatedly denied them – followed a entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

The full extent of Friday’s disruption in Britain remained unclear.

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,” NHS Digital, the computer arm of the health service, said in a statement.

Britain’s National Cyber Security Centre, part of the GCHQ spy agency, said it was aware of a cyber incident and was working with NHS Digital and the police to investigate.

A reporter from the Health Service Journal said the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain’s National Cryptology Centre of “a massive ransomware attack.”

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

It was not immediately clear how many Spanish organizations had been compromised by the attacks, if any critical services had been interrupted or whether victims had paid cyber criminals to regain access to their networks.

(Additional reporting by Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Kate Holton, Andy Bruce, Michael Holden and David Milliken; Editing by Mark Trevelyan and Ralph Boulton)

GE fixing bug in software after warning about power grid hacks

By Jim Finkle

(Reuters) – General Electric Co <GE.N> said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility’s power systems after researchers found that hackers could shut down parts of an electric grid.

The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to “disconnect sectors of the power grid at will,” according to an abstract posted late last week on the Black Hat security conference website.

Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.

Interest in grid security has intensified amid the increased use of cyber weapons by nation states, including two high-profile cyber attacks in Ukraine that authorities in Kiev have blamed on Russia.

Three New York University security experts are scheduled to discuss the issue at the Las Vegas Black Hat hacking conference in July. They could not be reached immediately for comment.

GE is not aware of any cases in which hackers exploited the bug to cause power outages, said GE spokeswoman Annette Busateri. The bug only involves older GE protection relays introduced in the 1990s “before current industry expectations for security,” she said.

“We have been in the process of issuing notifications and providing product upgrades to our affected customer base on available firmware updates to address this issue,” she said.

GE has issued patches for five of six models affected by the vulnerability and will soon release a patch for the sixth model, Busateri said.

Michael Assante, former chief security officer with the North American Electric Reliability Corp, which regulates the North American grid, said the product was still widely deployed because the industry runs systems for decades before upgrading to new technologies.

“This is certainly a significant issue,” he said.

Hackers caused power to go out in 2015 and 2016 attacks in Ukraine by using other techniques to force breakers to open, Assante said.

(Reporting by Jim Finkle in Toronto; Editing by Chizu Nomiyama and Jeffrey Benkoe)

Cyber extortion demands surge as victims keep paying: Symantec

A man walks past a display of hexadecimal code in a file photo. REUTERS/Nigel Treblin

By Alastair Sharp

TORONTO (Reuters) – Hackers are demanding increasingly hefty ransoms to free computers paralyzed with viruses, as cyber criminals seek to maximize profits from large numbers of victims willing to pay up, according to cyber security firm Symantec Corp.

The average demand embedded in such malicious software, which is known as ransomware, more than tripled last year to $1,077 from $294, and the pricing has continued to rise in 2017, according to Symantec.

“The bad guys haven’t found the top end of what people will pay,” Symantec Director of Security Response Kevin Haley said in a telephone interview.

Symantec said 69 percent of ransomware infections in 2016 hit consumer computers, with the remainder targeting businesses and other organizations.

More than a third of consumer ransomware victims around the globe pay cyber criminals to regain access to their data, according to Symantec. In the United States, where such attacks are most prevalent, 64 percent pay.

“If six out of ten people will pay your ransom when it’s three hundred bucks, you’re thinking ‘What if I raise it to four hundred? What if I raise to five hundred?'” Haley said.

The surge in cyber extortion has been fueled partly by the sale of ransomware kits, which sell for $10 to $1,800 on underground markets and make it easy for wannabe cyber crooks to get in the business, according to Symantec.

One kit, known as Shark, lets users name their demand, which its creators collect from victims and pass on to attackers, minus a 20 percent commission.

Ransomware attacks have increased sharply over the past year, with criminals targeting hospitals, police departments and other providers of critical services in the United States and Europe.

In some cases, the attacks have interrupted critical public services.

U.S. and European hospitals have been forced to divert patients to other facilities when ransomware paralyzed computer systems.

Local police have been forced to manually dispatch calls, and San Francisco’s public transit system was unable to collect fares for a weekend during the busy Christmas shopping season.

(Reporting by Alastair Sharp; Editing by Steve Orlofsky; Editing by Jim Finkle and Steve Orlofsky)

Sign up for Jim Bakker Show