Ransomware outbreak hits US and European universities, Florida Supreme Court
A global ransomware outbreak has encrypted servers at the Florida Supreme Court and several universities in the US and Central Europe, according to a Reuters analysis of ransom messages posted online on affected servers.
Those organizations are among more than 3,800 victims of a fast-spreading digital extortion campaign that locked down thousands of servers across Europe over the weekend, according to figures from Ransomwhere, a crowdsourced platform that tracks digital extortion attempts and online ransom payments, whose figures are taken from internet scans.
Ransomware is one of the most potent scourges on the internet. While this particular extortion campaign was not sophisticated, it drew warnings from national cyber watchdogs, in part due to the speed at which it spread.
Ransomwhere did not name individual victims, but Reuters was able to identify several by looking up Internet protocol address information associated with affected servers using common Internet scanning tools such as Shodan.
The extent of any disruption to the affected organizations was not clear. The Florida Supreme Court did not respond to messages. Nor did the 12 universities contacted by Reuters, including the Georgia Institute of Technology in the United States and Rice University in Houston, as well as higher education institutions in Hungary and Slovakia.
Reuters contacted the hackers through an account listed on their ransom notes, but only received a payment request in return. They did not immediately respond to additional questions.
Ransomwhere said the cybercriminals appear to have extorted just $88,000, a modest haul by the standards of the multimillion-dollar ransoms regularly demanded by some hacking gangs. A cybersecurity expert said the outbreak — which is believed to have exploited a two-year-old vulnerability in VMware Inc. software — was typical of automated attacks against servers and databases that have been carried out by hackers for years.
In response, VMware has been urging customers to upgrade to the latest versions of its software.
“This is nothing unusual,” said Patrice Auffret, founder of French internet scanning company Onyphe. “The difference is the scale.”
Also unusual is the highly visible nature of the outbreak, which began earlier this month. Because internet-facing servers were affected, investigators and tracking services like Ransomwhere or Onyphe could easily follow the criminals’ trail.
Digital security officials in Italy said on Monday there was no evidence to suggest “aggression by a state or a hostile, state-like entity”.
Samuli Könönen, an information security specialist at Finland’s National Cybersecurity Center, told Reuters the attack was likely carried out by a criminal gang, though he said it was not particularly sophisticated, as many victims had managed to salvage their data without paying a ransom.
“More experienced ransomware groups don’t usually make that kind of mistake,” he said.