13 July 2019 | New Scientist | 9Analysis Ransomware
Cybercriminals are cashing in As extortion ransomware spreads,
organisations are paying to release their data. It is a risky move,
says Chris Stokel-Walker
RANSOMWARE attacks are on
the rise. These see individuals
and organisations denied access
to their data unless they pay the
hackers who are holding it hostage.
The latest apparent victim is the
biggest provider of forensic
services to the UK.
Eurofins Scientific in
Luxembourg was hit with a
ransomware attack in early June.
Last week, the BBC reported that
a ransom had been paid to regain
control of the data. Eurofins didn’t
respond to a request for comment
from New Scientist.
This is one of a number
of recent high-profile attacks.
Lake City in Florida paid $530,
in bitcoin to unlock its data in
June, and another Florida city,
Riviera Beach, paid out $600,000.
The strain of ransomware
used is called Ryuk. It was
unleashed by a Russia-based
organised crime group called
Grim Spider in August 2018. It is
estimated that Ryuk earned its
creators more than $3.7 million in
its first four months of operation.
Ryuk, like most ransomware,
secretes itself onto computers
through malicious email
attachments. It encrypts every
file on the computer and directs
the victim to send two encrypted
files to an email address. The two
files are returned, decrypted, along
with a bitcoin wallet address.
The victim must send bitcoins
to this address to unlock the rest.“As criminals become more
adept and the tools more
sophisticated, yet easier to obtain,
fewer attacks are directed towards
citizens and more towards small
businesses and larger targets,
where greater potential profits lie,”
says Philipp Amann of Europol’s
European Cybercrime Centre.
As more organisations pay
out rather than lose their data,
hackers become bolder. “The
reason we’re seeing so muchransomware is that it manifestly
works,” says Alan Woodward
at the University of Surrey, UK.
Affected organisations
often have to pay only a small
percentage of the total amount.
Lake City paid about $10,
of the $530,000 ransom, with
its insurance company picking
up the rest.
Giving in to demands is
dangerous, however. “You’re
not guaranteed to get your system
unlocked,” says Woodward,
because the hackers have little
incentive to unlock the data
once they have the money.
Paying up probably increases
the likelihood of future attacks
too: criminals distribute “suckers
lists” of those who have proven
susceptible to extortion.
Stopping such attacks is
difficult, but there are things
people can do. The ransomware
attacks often work because
computer users often have little
understanding of the software
they use. Better IT literacy, such
as knowing not to open email
attachments from strangers,
RIT would help prevent the spread. ❚CH
IE^ B.^ TO
NGO/EPA
/SHUTTE
RS
TOCKRansomware attacks
encrypt your data until
you pay upSpace health
Exposure to space
radiation not a
problem so far
SPACE exploration is a risky
business. As well as the physical
dangers, radiation – from the sun
and cosmic rays – is thought to put
astronauts at a higher risk of getting
cancer and heart disease in later life.
But so far there is no sign space
travellers are dying early from these
conditions. “We haven’t ruled it out,
but we looked for a signal and we
didn’t see it,” says Robert Reynolds
of Mortality Research & Consulting.
Not enough space-goers have
died from these conditions to just be
able to compare their age of death
with that of other groups. Instead,
Reynolds’s team used a statistical
technique on survival figures for
301 US astronauts and 117 Soviet
and Russian cosmonauts.
A total of 89 have died to date.
Three-quarters of cosmonaut
deaths were due to cancer or
heart disease, but only half
of the astronaut deaths were.
This is principally because there
have been more fatal accidents
in the US space programme, such
as the Challenger shuttle disaster.Down here on Earth, getting heart
disease doesn’t make you more or
less likely to also get cancer – the
two conditions develop relatively
independently of each other.
But if radiation exposure were
causing a surge in both conditions
among people who have been to
space, then the higher rate of death
from one illness may hide a higher
rate of the other. This is because
anyone who dies from heartdisease can’t also die from cancer.
Reynolds’s team plotted the
space-goers’ deaths over time as
survival curves – which show the
rate at which a particular group is
dying – for each disease, and found
no sign of this dampening effect
(Scientific Reports, doi.org/c72t).
However, that doesn’t rule out
radiation giving space-goers a
higher rate of one condition but not
the other – for instance, if it caused
cancer but not heart disease.
Radiation would hit future Mars
visitors for longer, says Reynolds,
so it could still affect their health. ❚
Clare Wilson89
Number of astronauts and
cosmonauts who have ever died