US, Canada issue alert on ‘ransomware’

The US and Canada have issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as “ransomware”, which encrypt data and demand payments for it to be unlocked.


The warning follows reports from several private security firms that they expect the crisis to worsen, because hackers are getting more sophisticated and few businesses have adopted proper security measures to thwart such attacks.

“Infections can be devastating to an individual or organisation, and recovery can be a difficult process that may require the services of a reputable data recovery specialist,” the two governments said in the alert, distributed by the US Department of Homeland Security and the Canadian Cyber Incident Response Centre on Thursday.

It comes in the wake of reports of a string of ransomware attacks on individuals, businesses and government agencies in the past few months, including some that interrupted services at US hospitals and police departments.

Last week the Federal Bureau of Investigation issued a private alert to US businesses, seeking their help in its investigation into the attacks.

Thursday’s alert said the consequences of ransomware attacks include loss of sensitive or proprietary information, disruption of regular operations, expenses to restore access to computer systems and harm to a victim’s reputation.

The governments discouraged victims from paying hackers to restore access to their data.

“Paying the ransom does not guarantee the encrypted files will be released,” the alert said. “It only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information.”

MedStar, the US capital region’s largest healthcare provider, shut down much of its computer network this week to slow the spread of a virus. The Baltimore Sun reported on Wednesday that hackers had used ransomware to encrypt data on some computers and then demanded a ransom of $US18,500 ($A24,000).

Security blogger Brian Krebs last week reported that Kentucky-based Methodist Hospital declared an internal state of emergency after falling victim to a ransomware attack.

Last month, Hollywood Presbyterian Hospital in Los Angeles paid a ransom of $US17,000 to regain access to its systems after a similar attack.