​US, Canada issue alert on ransomware

The United States and Canada have issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as ransomware, which encrypt data and demand payments for it to be unlocked.

The warning follows reports from several private security firms that they expect the crisis to worsen because hackers are getting more sophisticated and few businesses have adopted proper security measures to thwart such attacks.

"Infections can be devastating to an individual or organisation, and recovery can be a difficult process that may require the services of a reputable data recovery specialist," the two governments said in the alert, distributed by the US Department of Homeland Security and the Canadian Cyber Incident Response Centre on Thursday.

It comes in the wake of reports of a string of ransomware attacks on individuals, businesses, and government agencies in the past few months, including some that interrupted services at US hospitals and police departments.

Last week the Federal Bureau of Investigation issued a private alert to US businesses, seeking their help in its investigation into the attacks.

Thursday's alert said the consequences of ransomware attacks include loss of sensitive or proprietary information, disruption of regular operations, expenses to restore access to computer systems, and harm to a victim's reputation.

The governments discouraged victims from paying hackers to restore access to their data.

"Paying the ransom does not guarantee the encrypted files will be released," the alert said. "It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information."

MedStar, the US capital region's largest healthcare provider, shut down much of its computer network this week to slow the spread of a virus. The Baltimore Sun reported on Wednesday that hackers had used ransomware to encrypt data on some computers and then demanded a ransom of AU$24,000.

Security blogger Brian Krebs last week reported that Kentucky-based Methodist Hospital declared an internal state of emergency after falling victim to a ransomware attack.

Last month, Hollywood Presbyterian Hospital in Los Angeles paid a ransom of $17,000 to regain access to its systems after a similar attack. Employees at the time were unable to access patient files, which forced staff to declare an "internal emergency".

Similarly, online criminals recently held a number of German hospitals hostage, after they fell pray to ransomware.

Ransomware also heightened the threat of credit card scams last month when Visa cardholders were targeted with a ransomware phishing campaign that offered benefits and rewards. Unlike fraudulent credit card-based spam, the campaign attempted to lure consumers to download the ransomware instead of handing over their financial details.

The most recent victim of ransomware, however, was Magento. According to security researchers MalwareHunterTeam, the KimcilWare ransomware is targeting websites with the intention of encrypting servers linked to Magento and demanding a ransom payment.

On Thursday, Bitefender released a free "crypto-vaccine" for popular ransomware strains including CTB-Locker, Locky, and TeslaCrypt, all of which target the Microsoft Windows operating system.