How Intel and Others Are Fighting the Ransomware Epidemic

August 24th, 2016 by Mark Daly in Industry News

Firms release decryption tools to battle Wildfire.

Intel and the security firm Kaspersky Lab have released tools for freeing files that are being held to ransom by a nasty piece of malware called Wildfire.

Wildfire is a variant of ransomware—the rapidly growing phenomenon where attackers trick people into clicking things they shouldn’t, then encrypt files or whole drives on their computers and demand payment for decrypting them.

This particular variant has been targeting victims in the Netherlands and Belgium, with spam emails written in perfect Dutch, and a dummy transport company as the sender that uses a Dutch web address.

Around 5,300 people were successfully targeted in just one month. The emails told them they had missed deliveries and needed to fill in a form to schedule a new delivery. The form was rigged to infect the victims’ computers.

Victims were told to pay 1.5 bitcoins, or around $870, to rescue their files. In reality, the companies said, most victims were able to bargain down to 0.5 or 0.6 bitcoins.

Intel and Kaspersky worked with the Dutch police and the European Cybercrime Centre to develop the decryption tool that is now available for free download. They also managed to take down the servers that were pumping out the spam.

The companies are taking part in a public-private initiative to fight the ransomware scourge. Their tool now sits alongside others that can help victims of variants such as TeslaCrypt and CoinVault.

Intel and Kaspersky noted that Wildfire was programmed not to infect people in eastern European countries, making it likely that people from that region were responsible—and keen not to get the local authorities on their case.

Because they were able to get at the criminals’ servers, the companies and cops were able to establish that the operation was pulling in just under $80,000 a month. That’s just from targeting a pair of pretty small countries.

Meanwhile in the U.K., cybersecurity companies SentinelOne and NCC Group made a bunch of freedom-of-information requests and found that universities and hospitals were regularly being targeted.

Bournemouth University (this writer’s alma mater, as it happens) was targeted 21 times over the last year, but said it had successfully resisted the attacks. That’s not surprising, given that it houses a major cybersecurity unit.

Of 60 National Health Service trusts that responded to questions about their experiences, 28 said they had been attacked and 31 said patient confidentiality stopped them from being able to comment. Just one said it had not been targeted.

Hospitals and universities are regularly targeted around the world, and some have paid up. Particularly when patient data is at risk, that impulse is perhaps understandable.

However, the success of the ransomware model also encourages the criminals using it. Recent research suggested almost two-fifths of businesses in the U.S., Canada, the U.K. and Germany have suffered ransomware attacks in the last year.

It’s no surprise that law enforcement and the security industry are fighting this growing trend as hard as they can.

