acm-header
Sign In

Communications of the ACM

ACM News

The Trade Secret


View as: Print Mobile App Share:
Hackers demand money to reverse the affects of ransomware.

Firms that promise high-tech ransomware solutions almost always just pay the hackers.

Credit: Adam Maida

As ransomware attacks crippled businesses and law enforcement agencies, two U.S. data recovery firms claimed to offer an ethical way out. Instead, they typically paid the ransom and charged victims extra.

From 2015 to 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the U.K. It caused more than $30 million in damage to at least 200 entities, including the cities of Atlanta and Newark, New Jersey, the Port of San Diego and Hollywood Presbyterian Medical Center in Los Angeles. It knocked out Atlanta's online water service requests and billing systems, prompted the Colorado Department of Transportation to call in the National Guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldn't be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6 million in ransom.

"You just have 7 days to send us the BitCoin," read the ransom demand to Newark. "After 7 days we will remove your private keys and it's impossible to recover your files."

At a press conference last November, then-Deputy Attorney General Rod Rosenstein announced that the U.S. Department of Justice had indicted two Iranian men on fraud charges for allegedly developing the strain and orchestrating the extortion. Many SamSam targets were "public agencies with missions that involve saving lives," and the attackers impaired their ability to "provide health care to sick and injured people," Rosenstein said. The hackers "knew that shutting down those computer systems could cause significant harm to innocent victims."

In a statement that day, the FBI said the "criminal actors" were "out of the reach of U.S. law enforcement." But they weren't beyond the reach of an American company that says it helps victims regain access to their computers. Proven Data Recovery of Elmsford, New York, regularly made ransom payments to SamSam hackers over more than a year, according to Jonathan Storfer, a former employee who dealt with them.

 

From ProPublica
View Full Article

 


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account