Ransomware

longknife

Hollywood Presbyterian Medical Center in Calif. hit by ransomware attack...

LA Hospital Ransomware Attack Worries Cybersecurity Experts
February 19, 2016 — Cybersecurity experts worry that the $17,000 a Los Angeles hospital paid hackers to regain control of its computers could signal a troubling escalation of the growing "ransomware" threat.
Though patient care was not "compromised in any way," Hollywood Presbyterian Medical Center paid the bounty "in the best interest of restoring normal operations," President Allen Stefanek said in a written statement. A typical attack starts when a person opens an emailed link or attachment. Malicious code locks the computer — or, worse, an entire network. Victims pay hackers for a "key" to unlock their machines — and may be desperate to do so if they have not diligently backed up their data and networks. Many ransomware victims pay quietly, or abandon infected machines. It was unusual that Hollywood Presbyterian, which has more than 400 beds and is owned by CHA Medical Center of South Korea, both revealed the attack publicly and disclosed its cost.

Computer security experts said hospitals are particularly vulnerable because some medical equipment runs on old operating systems that cannot easily be safeguarded. If an employee opens an infected file from a computer that also connects with a patient monitoring station or insulin pump, those devices also could be locked. Hospitals have not been as diligent in combating cyber threats such as ransomware as other sectors, according to several experts, despite the life-and-death nature of their operations, their tight control over patient information and mandates that they move toward electronic record keeping. Hospitals are "about 10 to 15 years behind the banking industry" in combatting cyber threats, said Lysa Myers, a researcher with the computer security firm ESET. The math behind whether to pay a ransom demand can be simple. Paying thousands of dollars to resolve a serious attack that has penetrated a multimillion dollar business such as a large hospital would be "a no brainer," said James Carder, chief information security officer of LogRhythm, a security intelligence and analytics firm.

The Hollywood Presbyterian Medical Center is pictured in Los Angeles, California, Feb. 16, 2016. The FBI is investigating a cyberattack that locked down the hospital's electronic database for days, pending payment of ransom to the hackers.​

Several companies have told Carder that the FBI suggested they pay ransom, he said. Jason Haddix, the director of technical operations at the information security firm Bugcrowd, said companies also have told him the same. "If you're at a point where you can't do anything," said Haddix, "sometimes the only option is to pay." An FBI spokeswoman did not immediately respond when asked whether the FBI has in some cases suggested that a company pay. The agency said it is investigating the Hollywood Presbyterian case. "Ransomware has been around for several years, but there's been a definite uptick lately in its use by cyber criminals," the FBI wrote in a 2015 post on its website. The agency said that it is "targeting these offenders and their scams." Hollywood Presbyterian paid 40 bitcoins, a digital currency of floating value that on Thursday was worth about $420 each. The problem was first noticed Feb. 5, hospital president Stefanek said, and its system was fully functioning 10 days later. One reason hackers are attracted to ransomware is that it can be created with relative ease — do-it-yourself ransomware kits are available — and the return on investment can be strong.

To launch a ransomware campaign that lasts one month might cost $5,900, and generate about $90,000 in revenue, according to projections by the cyber security firm Trustwave. A report from Intel Corp.'s McAfee Labs released in November said the number of ransomware attacks is expected to grow in 2016 because of increased sophistication in the software used to do it. The company estimates that on average, 3 percent of users with infected machines pay a ransom. While a hacker may get several hundred dollars to unlock many individual computers, getting $17,000 is a decent payday. Based on the public confirmation of that figure, hackers are "going to begin to test the price," said Jack Danahy, chief technology officer at cyber security firm Barkly. The best defense against a ransomware attack is not to click on unknown links and attachments. Intrusion detection systems and firewalls can help if a person does click — but once the ransomware is entrenched, if the system does not have good system backup practices, the choices boil down to paying or never regaining control.

LA Hospital Ransomware Attack Worries Cybersecurity Experts
 
Well, this all sounds good... :eusa_hand:
 
Ransomware attacks expected to rise...

Tech Group: ‘2016 Will Be the Year Ransomware Holds America Hostage’
March 9, 2016 -- “2016 is the year ransomware will wreak havoc on America’s critical infrastructure community,” warned a new report released Wednesday by the Institute for Critical Infrastructure Technology (ICIT). “’To Pay or Not to Pay’ will be the question fueling heated debate in boardrooms across the Nation and abroad,” predicts ICIT, a non-profit, non-partisan group that acts as “a conduit between the private sector, federal agencies, and the legislative community.”
Ransomware is a cyberattack that holds a victim’s computer system for ransom by encrypting data files or completely locking it down. Cybercriminals then demand a ransom for the decryption key, threatening to destroy the data if the victim does not comply. “Ransomware is rampant,” ICIT reports, with some attacks posing as bogus law enforcement announcements. Businesses, healthcare organizations, educational, religious, and financial institutions have all been victims of ransomware, which is often accompanied by denial of service attacks that cost victims an average of $500 per minute, notes the report, which was co-authored by ICIT senior fellows James Scott and Parham Eftekhari. Even police and fire departments have been targeted. “Victims have to make a very difficult decision. Either pay the ransom without knowledge of who receives that money and what further harm is done with it or lose all of their data behind a layer of encryption… In numerous cases, organizations tend to pay because, for them, every minute of downtime directly equates to lost revenue.”

Last weekend, ransomware called KeRanger demanded that owners of Macintosh computers pay one bitcoin (about $405) to unlock their computers. KeRanger, the first “fully functional” ransomware to infect Macs, was spread via Transmission, a popular open source information sharing network used to download software, music and videos. It first appeared on March 4, but was successfully shut down two days later after infecting about 6,500 computers, Forbes reported. “Ransomware threat actors adopt the highwayman mentality by threatening the lifeblood of their victims – information – and boldly offering an ultimatum,” the ICIT report stated, adding that “a small team can easily infect and ransom millions of systems. The attackers only need a few users per million of targets to pay ransom for the campaign to be successful.”

Ransomware mimicking a message from law enforcement.​

The ICIT report warns that “mobile devices, personal computers, industrial control systems, refrigerators, portable hard drives, etc.” are “not secured in the slightest against a ransomware threat.” “With [the] prevalence of mobile devices and the looming shadow of the internet of things, the potential threat landscape available to ransomware threat actors is too tantalizing a target to ignore,” it pointed out. The FBI, which has set up an Internet Crime Complaint Center, also warns that the use of ransomware “is on the rise” and lists a number of ways Americans can protect themselves. But ICIT points out that “law enforcement has neither the time nor the resources to track down the culprits,” citing a February attack on the Horry County, S.C. school district, which paid hackers nearly $10,000 to decrypt 25 servers “after an FBI investigation yielded no alternative action.”

The report also quoted Joseph Bonavolonta, head of the FBI's CYBER and Counterintelligence Program, who said last October: "To be honest, we often advise people just to pay the ransom." “Organizations should protect their networks as if it was a castle under siege,” the tech group urged, because “no security vendor or law enforcement authority can help victims recover from these attacks.” ICIT has also published “Know Your Enemies” – “a primer on advanced persistent threat groups” in numerous foreign countries that are targeting Americans, including China, Russia, Iran, North and South Korea, Syria, France and Israel.

Tech Group: ‘2016 Will Be the Year Ransomware Holds America Hostage’
 
Probably affects businesses more than personal users unless you keep everything stored on your computer, which is a dumb thing to do anyway. Someone hijacks my computer, I simply wipe it and reinstall the operating system, all my files go to thumb drives or DVDs.
 
Probably affects businesses more than personal users unless you keep everything stored on your computer, which is a dumb thing to do anyway. Someone hijacks my computer, I simply wipe it and reinstall the operating system, all my files go to thumb drives or DVDs.

If a business gets caught by ransomware, in most cases, it means they do not practice proper security.
All of our embedded systems, application servers etc. I have set a static IP with no DNS settings...result - internal network connections work perfect, but it cannot reach the internet or be reached by the internet.
Even our main file server I have no DNS settings. You don't need internet access for PCs to store files.
 
Ransom demand paid in Bitcoin...

Exclusive: Chinese hackers behind U.S. ransomware attacks - security firms
Mon Mar 14, 2016 - Hackers using tactics and tools previously associated with Chinese government-supported computer network intrusions have joined the booming cyber crime industry of ransomware, four security firms that investigated attacks on U.S. companies said.
Ransomware, which involves encrypting a target's computer files and then demanding payment to unlock them, has generally been considered the domain of run-of-the-mill cyber criminals. But executives of the security firms have seen a level of sophistication in at least a half dozen cases over the last three months akin to those used in state-sponsored attacks, including techniques to gain entry and move around the networks, as well as the software used to manage intrusions. “It is obviously a group of skilled operators that have some amount of experience conducting intrusions,” said Phil Burdette, who heads an incident response team at Dell SecureWorks. Burdette said his team was called in on three cases in as many months where hackers spread ransomware after exploiting known vulnerabilities in application servers. From there, the hackers tricked more than 100 computers in each of the companies into installing the malicious programs.

The victims included a transportation company and a technology firm that had 30 percent of its machines captured. Security firms Attack Research, InGuardians and G-C Partners, said they had separately investigated three other similar ransomware attacks since December. Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China, Attack Research Chief Executive Val Smith told Reuters. The ransomware attacks have not previously been reported. None of the companies that were victims of the hackers agreed to be identified publicly. The security companies investigating the advanced ransomware intrusions have various theories about what is behind them, but they do not have proof and they have not come to any firm conclusions.

The word 'password' is pictured on a computer screen in this picture illustration taken in Berlin​

Most of the theories flow from the possibility that the Chinese government has reduced its support for economic espionage, which it pledged to oppose in an agreement with the United States late last year. Some U.S. companies have reported a decline in Chinese hacking since the agreement. Smith said some government hackers or contractors could be out of work or with reduced work and looking to supplement their income via ransomware. It is also possible, Burdette said, that companies which had been penetrated for trade secrets or other reasons in the past were now being abandoned as China backs away, and that spies or their associates were taking as much as they could on the way out. In one of Dell’s cases, the means of access by the team spreading ransomware was established in 2013.

The cyber security experts could not completely rule out more prosaic explanations, such as the possibility that ordinary criminals had improved their skills and bought tools previously used only by governments. Dell said that some of the malicious software had been associated by other security firms with a group dubbed Codoso, which has a record of years of attacks of interest to the Chinese government, including those on U.S. defense companies and sites that draw Chinese minorities.

PAYMENT IN BITCOIN
 
My ransomware sends your favorite porn movies to your wife. I know, it cannot send all these Terabytes but it investigates your mediaplayers´ histories. Oh shit, you creeping niggards, that means some broken marriages.
 
My ransomware sends your favorite porn movies to your wife. I know, it cannot send all these Terabytes but it investigates your mediaplayers´ histories. Oh shit, you creeping niggards, that means some broken marriages.
Standard Russian spy tactics....... :eusa_whistle:
 
Bleipriester is a commie sympathizer?

Granny gonna report him to the House Committee..

... on Un-American Activities.
 
Granny says, "Dat's right - dem Chinks is at it again...

FBI Investigating Paralyzing Hack on Another Hospital Chain
March 29, 2016 | WASHINGTON (AP) — Modern medicine in the Washington area reverted to 1960s-era paper systems when one of the largest hospital chains was crippled by a virus that shuttered its computers for patients and medical staff.
The FBI said it was investigating the paralyzing attack on MedStar Health Inc., which forced records systems offline, prevented patients from booking appointments, and left staff unable to check email messages or even look up phone numbers. The incident was the latest against U.S. medical providers, coming weeks after a California hospital paid ransom to free its infected systems using the bitcoin currency. A law enforcement official, who declined to be identified because the person was not authorized to discuss an ongoing investigation, said the FBI was assessing whether a similar situation occurred at MedStar. "We can't do anything at all. There's only one system we use, and now it's just paper," said one MedStar employee who, like others, spoke on condition of anonymity because this person was not authorized to speak with reporters.

There were few signs of the attack's effects easing late Monday, with one employee at Georgetown University Hospital saying systems were still down, and saying some managers had to stay late and come in early because of the disruptions. Company spokeswoman Ann Nickels said she couldn't say whether it was a ransomware attack. She said patient care was not affected, and hospitals were using a paper backup system. But when asked whether hackers demanded payment, Nickels said, "I don't have an answer to that," and referred to the company's statement.

MedStar operates 10 hospitals in Maryland and Washington, including the Georgetown hospital. It employs 30,000 staff and has 6,000 affiliated physicians. Dr. Richard Alcorta, the medical director for Maryland's emergency medical services network, said he suspects it was a ransomware attack based on multiple ransomware attempts on individual hospitals in the state. Alcorta said he was unaware of any ransoms paid by Maryland hospitals or health care systems. "People view this, I think, as a form of terrorism and are attempting to extort money by attempting to infect them with this type of virus," he said.

Alcorta said his agency first learned of MedStar's problems about 10:30 a.m., when the company's Good Samaritan Hospital in Baltimore called in a request to divert emergency medical services traffic from that facility. He said that was followed by a similar request from Union Memorial, another MedStar hospital in Baltimore. The diversions were lifted as the hospitals' backup systems started operating, he said. Some staff said they were made aware of the virus earlier, being ordered to shut off their computers entirely by late morning. One Twitter user posted a picture Monday he said showed blacked-out computer screens inside the emergency room of Washington Hospital Center, a trauma center in Northwest Washington.

 
New ransomware knows where you live, 'Hack' puts explicit show on US radio...

The ransomware that knows where you live
Fri, 08 Apr 2016 - A widely distributed scam email that quotes people's postal addresses links to a dangerous form of ransomware, according to a security researcher.
Andrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4's You and Yours that discussed the phishing scam. Mr Brandt discovered that the emails linked to ransomware called Maktub. The malware encrypts victims' files and demands a ransom be paid before they can be unlocked. The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link - but that leads to malware, as Mr Brandt explained. One of the emails was received by You and Yours reporter Shari Vahl. "It's incredibly fast and by the time the warning message had appeared on the screen it had already encrypted everything of value on the hard drive - it happens in seconds," Mr Brandt told the BBC. "This is the desktop version of a smash and grab - they want a quick payoff." Maktub doesn't just demand a ransom, it increases the fee - which is to be paid in bitcoins - as time elapses.

A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately $580. This rises to 1.9 bitcoins, or $790, after the third day. The phishing emails tell recipients that they owe money to British businesses and charities when they do not. One of the organisations named was the Koestler Trust, a charity which helps ex-offenders and prisoners produce artwork. "We rely on generous members of the public and we were very distressed when we discovered that people felt they had received emails from us asking for money, when indeed they had not been generated by us at all," chief executive Sally Taylor told You and Yours.

Addresses included

One remarkable feature of the scam emails was the fact that they included not just the victim's name, but also their postal address. Many, including BBC staff, have noted that the addresses are generally highly accurate. According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it's still not clear how scammers were able to gather people's addresses and link them to names and emails. The data could have come from a number of leaked or stolen databases for example, making it hard to track down the source.

Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails. In a statement, the firm said: "Ebay works aggressively to protect customer data and privacy, which is our highest priority. "We are not aware of any link between this new phishing scam and eBay's data. "We continually update our approach to customer data security in an effort to create the safest environment possible for our customers."

Fraud body 'inundated'

See also:

Explicit 'furry' podcast airs on US radio after 'hack'
Fri, 08 Apr 2016 - The producers of an explicit "furry" podcast say they are "deeply sorry" after it was broadcast on several US radio stations in an apparent hack.
Several US radio stations played out an explicit podcast to listeners after an apparent hack. The Furcast group says the 90-minute podcast went out without its knowledge and it is "deeply sorry". Two Texas stations were among those which broadcast the material, aimed at "furries"- people interested in animals that are given human traits. Broadcasters have been advised to change passwords on the hardware many of them use. Barix streaming boxes are popular with broadcasters and PA professionals. Furcast said that multiple server requests for its content during the incident were in the name of "Barix Streaming Client" and that many of the individual boxes involved were visible on Shodan, a search engine for devices connected via the Internet of Things.

The BBC has contacted Barix for comment but the problem appears to be with security settings not being updated by the box owners. "Someone is attacking Barix Boxes," wrote a member of the Alabama Broadcast Association. "Several radio stations and at least one radio network have been compromised. The Barix receiver is pointed to an obscene podcast and its password changed so it can only be reset manually." Furries are people who have a fascination with anthropomorphism and often dress in animal costumes. The furry group Furcast describes itself as "an improv comedy-themed furry podcast with no censor" and denies that its main aim is to create sexual material. "Our content is discovered by individuals who specifically seek what we produce, and they do not normally come into contact with it via public means," they wrote. "We have no interest in being discovered by a mainstream audience."

'Unknown source'

Texas radio station KXAX found itself broadcasting Furcast's podcast on Tuesday. "At about 9am we were notified that a programme was playing on the station that did not originate from this studio," the station wrote on Facebook. "We found out that our equipment had been hacked and was broadcasting a podcast or a stream from an unknown source. "We were able to eventually get the problem resolved. But still want to apologise to anyone who may have heard the programming."

KXAX general manager Jason Mclelland told Ars Technica there did not appear to have been a reason for the hack. Another station affected, KIFT, said in a statement that it had only been able to regain control of its output when an engineer physically went to the site of the hacked remote transmitter. "We are working with equipment manufacturers and auditing the security of our own systems to avoid any repeats of this incident," it said.

Explicit 'furry' podcast airs on US radio after 'hack' - BBC News
 
I never access my bank information on-line....if somebody tries to ransom my porn vids they can have em....I stole em so who cares? :cool-45:
 
University pays $20,000 data ransom...

University pays $20,000 to ransomware hackers
Wed, 08 Jun 2016 - A Canadian university pays hackers to restore access to emails and other files encrypted by ransomware.
A Canadian university has paid hackers to restore access to data they had turned into the digital equivalent of gibberish. The University of Calgary transferred 20,000 Canadian dollars-worth of bitcoins ($15,780; £10,840) after it was unable to unwind damage caused by a type of attack known as ransomware. The malware caused emails and other files to become encrypted. One expert warned that the payout would encourage further blackmail attempts. The move comes the same week Intel warned that ransomware infections were spreading at "an alarming rate". More than 120 separate strains exist, many of which are frequently updated, making it difficult for security experts to offer a solution.

The University of Calgary told a local newspaper that more than 100 of its computers had been affected since it was attacked last month. "The university is now in the process of assessing and evaluating the decryption keys," said the university's vice president Linda Dalgetty. "The actual process of decryption is time-consuming and must be performed with care. "It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data." She added that the local police force was investigating the matter.

Exposure threats

The university follows other high-profile bodies to have met cybercriminals' demands in recent weeks. In February, the Hollywood Presbyterian Medical Center paid $17,000 to restore access to its system.

At the end of the same month, Melrose Police Department in Massachusetts paid $450 after it fell victim to a similar attack. "It's very tempting for organisations to pay out the ransom because that might be the only way they can get their data back, but that makes it worse for everyone else because it encourages more people to set up schemes like the one used in the Calgary case," commented Dr Steven Murdoch from University College London. "It would be better if nobody ever paid, although that's unrealistic to expect. "What's making matters worse is a new trend. "The hackers are threatening to publicly publish information they found on your computers if you refuse to pay, which acts as a double incentive to comply." The University of Calgary has said there was no indication that "any personal or other university data was released to the public".

University pays $20,000 to ransomware hackers - BBC News

See also:

Israel indicts French immigrants in 9.1 million euro scam
Jun 8, '16 -- Israel's state prosecutor indicted four new immigrants from France on Wednesday for allegedly running a major international scam, impersonating company executives and costing five European companies about 9.1 million euros, or over $10 million.
The companies that lost money included German electronics retailer MediaMarkt, Belgian electronics company Eldi, European supermarket chain Cora, multinational perfume chain ICI Paris XL and Dutch hardware store owner Intergamma, according to the indictment. About two dozen other companies were also entangled in the case, including candy maker Mars, high fashion company Chanel, Italian athletic clothing retailer Diadora, beer brewing giant Anheuser-Busch InBev, and car manufacturers Kia Motors and Toyota, though not all the companies fell for the trick, according to the indictment.

The case suggests that the so-called fake CEO scam is still thriving in Israel, where the man widely credited with pioneering the technique, Gilbert Chikli, continues to live openly, evading French attempts to arrest him. Chikli is not suspected in the current case. The French-born defendants were identified as Henri Omessi, Daniel Michael Allon, Jeremy Lalloum and Mordechai Lellouche. They appeared at a court hearing on Wednesday. Rotem Tubul, a lawyer for Omessi, said her client and the other defendants pleaded not guilty. "Because it involves evidence from many countries around the world, there are clear difficulties in handling this case in Israel, and it is doubtful whether it will be possible to overcome them," said Liya Felus, an attorney for Allon.

Israeli police say this building served as the headquarters of an international scam operation that duped global companies out of more than $10 million, in the coastal city of Netanya, Israel, Tuesday, June 7, 2016. The police said they have busted a new crime ring in which French and Italian immigrants posed as company executives to bilk millions of dollars from dozens of multinational giants, including Kia Motors, Hugo Boss and Chanel. The case suggests that the so-called fake CEO scam is still thriving in Israel, where Gilbert Chikli, the man widely credited with inventing it continues to evade French attempts to arrest him​

Israeli prosecutors say the immigrants collected information on European companies, including names of company employees and details on vendors with which they did business. Then, according to prosecutors, they created fake email accounts to send forged documents to an employee in charge of finances, presenting themselves as a CEO or representative of a vendor. They would then instruct the employee to send money to a new "clearing firm" used by the vendor. In reality, the clearing firms were shell companies with bank accounts controlled by the defendants.

In one scam that took place in November and December, according to Wednesday's indictment, defendants impersonated an executive of German electronics giant Bosch and emailed an executive of Eldi, telling him that Bosch had begun to work with a new clearing firm and asking him to update his records with the firm's new bank account information. Later, Eldi transferred 794,175.70 euros owed to Bosch to the shell company's bank account at PKO Bank Polski, Poland's largest bank. In another scam, according to prosecutors, defendants impersonated an employee of Swedish home appliance company Electrolux, and tricked German electronics retailer MediaMarkt into sending them more than 1 million euros.

 
I've locked myself outta my room - an' I can't get back in...

Austrian hotel says hackers held key system for ransom
Wed, Feb 01, 2017 - The ransom demand arrived one recent morning by e-mail, after about a dozen guests were locked out of their rooms at the lakeside Alpine hotel in Austria.
The electronic key system at the picturesque Romantik Seehotel Jaegerwirt had been infiltrated, and the hotel was locked out of its own computer system, leaving guests stranded in the lobby, causing confusion and panic. “Good morning?” the e-mail began, hotel managing director Christoph Brandstaetter said. It went on to demand a ransom of two bitcoins, or about US$1,800, and warned that the cost would double if the hotel did not comply with the demand by the end of the day, Jan. 22.

The e-mail included details of a “bitcoin wallet” — the account in which to deposit the money — and ended with the words: “Have a nice day!” Brandstaetter said. With the 111-year-old hotel brimming with eager skiers, hikers and vacationers, some having paid about US$530 for a suite with a panoramic view and sauna, Brandstaetter said he decided to cave in. Guests had already complained that their electronic room keys were not working, and receptionists’ efforts to create new ones had proved futile.

The reservation system for the hotel in the village of Turracherhohe, about 90 minutes by car from Salzburg, Austria, was paralyzed. “We were at maximum capacity with 180 guests and decided that it was better to give in,” Brandstaetter said. “The hackers were very pushy.” “Ransomware is becoming a pandemic,” said Tony Neate, a former British police officer who investigated cybercrime for 15 years.

Austrian hotel says hackers held key system for ransom - Taipei Times
 
Not actually ransomware here, just scareware. I get this "CRITICAL MESSAGE FROM MICROSOFT" page often when clicking on the stupid little ads/news stories that Facebook shows. A computerized voice also reads the script. I especially like the "you must respond in 5 minutes to prevent your computer from being disabled!" part.

Obviously, I just close the page. Nothing bad happens, MalwareBytes shows no malware. It's just a scare, so you'll call them and give them your personal info. I'm tempted to call them and waste their time for an hour.

---
** YOUR COMPUTER HAS BEEN BLOCKED **

Error # 268D3

Please call us immediately at: 888-726-6050
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.

Your computer has alerted us that it has been infected with a virus and spyware. The following information is being stolen...

> Facebook Login
> Credit Card Details
> Email Account Login
> Photos stored on this computer
You must contact us immediately so that our engineers can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your computer from being disabled.

Toll Free: 888-726-6050
---
 
