By James Pearson and Raphael Satter
LONDON/WASHINGTON (Reuters) - A global ransomware outbreak has scrambled servers belonging to Florida’s Supreme Court and several universities in the United States and Central Europe, according to a Reuters analysis of ransom notes posted online to stricken servers.
Those organizations are among more than 3,800 victims of a fast-spreading digital extortion campaign that locked up thousands of servers in Europe over the weekend, according to figures tallied by Ransomwhere, a crowdsourced platform that tracks digital extortion attempts and online ransom payments and whose figures are drawn from internet scans.
Ransomware is among the internet’s most potent scourges. Although this particular extortion campaign was not sophisticated, it drew warnings from national cyber watchdogs in part because of the speed of its spread.
Ransomwhere did not name individual victims, but Reuters was able to identify some by looking up internet protocol address data tied to the affected servers via widely used internet scanning tools such as Shodan.
The extent of the disruption to the affected organizations, if any, was not clear.
Florida Supreme Court spokesman Paul Flemming told Reuters that the affected infrastructure had been used to administer other elements of the Florida state court system, and that it was segregated from the Supreme Court’s main network.
“Florida Supreme Court’s network and data are secure,” he said, adding that the rest of the state court system’s integrity also was not affected.
A dozen universities contacted by Reuters, including the Georgia Institute of Technology in Atlanta, Rice University in Houston and institutions of higher learning in Hungary and Slovakia, did not immediately return messages seeking comment.
Reuters also contacted the hackers via an account advertised on their ransom notes but only received a payment demand in return. They did not respond to additional questions.
Ransomwhere said the cybercriminals appear to have extorted only $88,000, a modest haul by the standard of multimillion-dollar ransoms regularly demanded by some hacking gangs.
One cybersecurity expert said the outbreak – thought to have exploited a two-year-old vulnerability in VMware Inc software – was typical of automated attacks on servers and databases that have been carried out by hackers for years.
VMware has urged customers to upgrade to the latest versions of its software.
“This is nothing unusual,” said Patrice Auffret, founder of French internet scanning company Onyphe. “The difference is the scale.”
Also uncommon is the highly visible nature of the outbreak, which began earlier this month. Because internet-facing servers were affected, researchers and tracking services like Ransomwhere or Onyphe could easily follow the criminals’ trail.
Digital safety officials in Italy said on Monday that there was no evidence pointing to “aggression by a state or hostile state-like entity.”
Samuli Kononen, an information security specialist at the Finnish National Cyber Security Centre, said the attack was likely carried out by a criminal gang, although he added that it was not particularly sophisticated as many victims had managed to salvage their data without paying a ransom.
“More experienced ransomware groups usually don’t make that kind of mistake,” he said.
Recently, Florida’s state court system, along with several universities in the United States and Europe, has been the victim of a devastating ransomware attack. Ransomware is a type of malicious software that locks an infected computer and demands a payment in return for the unlocking of the system. It has left the court system and various universities with their key data sources encrypted, crippling their ability to function properly.
In Florida, the ransomware outbreak resulted in the suspension of all e-filing services and caused the courts to cease their regular operations. This is a massive inconvenience for all people involved, as it has delayed court proceedings and affected the justice system greatly. The Florida court system is still in the process of determining the cause of this attack and what the full impact of its disruption will be.
The universities that have been impacted by this ransomware outbreak face a different challenge. All of these universities had their databases and files encrypted, causing their operations to be severely hampered. Universities from the United States and Europe have been the most affected, disrupting their students’ courses and daily life. In response to the attack, many universities have taken their systems offline and are conducting their research and operations via paper records and other manual methods.
Both the Florida court system and the universities in the United States and Europe will be dealing with the aftermath of this ransomware attack for quite some time. While it is important to ensure the safety of all digital records, it is also essential to be aware of the potential impacts that such an attack can have on the lives of many people. As such, it is necessary for all organisations to ensure their systems are equipped with the latest security protocols and vigorously tested before they are put into service.
All agencies and organisations should learn from this incident, understand the consequences and take the necessary steps to ensure their systems are properly secured. The Florida state court system and the US and EU universities that have been affected by this ransomware outbreak should prioritize their security and take action to prevent similar attacks in the future.