Ransomware outbreak spreads to USA

A global ransomware outbreak has scrambled servers belonging to Florida’s Supreme Court and several universities in the United States and Central Europe, according to a Reuters analysis of ransom notes posted online to stricken servers.

Those organizations are among more than 3,800 victims of a fast-spreading digital extortion campaign that locked up thousands of servers in Europe over the weekend, according to figures tallied by Ransomwhere, a crowdsourced platform that tracks digital extortion attempts and online ransom payments and whose figures are drawn from internet scans.

Ransomware is among the internet’s most potent scourges. Although this particular extortion campaign was not sophisticated, it drew warnings from national cyber watchdogs, in part because of the speed of its spread.

Ransomwhere did not name individual victims, but Reuters was able to identify some by looking up internet protocol address data tied to the affected servers via widely used internet scanning tools such as Shodan.

Florida Supreme Court spokesman Paul Flemming told Reuters that the affected infrastructure had been used to administer other elements of the Florida state court system, and that it was segregated from the Supreme Court’s main network.

“Florida Supreme Court’s network and data are secure,” he said, adding that the rest of the state court system’s integrity also was not affected.

A dozen universities contacted by Reuters, including the Georgia Institute of Technology in Atlanta, Rice University in Houston and institutions of higher learning in Hungary and Slovakia, did not immediately return messages seeking comment.

Reuters also contacted the hackers via an account advertised on their ransom notes but only received a payment demand in return. They did not respond to additional questions. Ransomwhere said the cybercriminals appear to have extorted only $88,000, a modest haul by the standard of multimillion-dollar ransoms regularly demanded by some hacking gangs.

One cybersecurity expert said the outbreak, thought to have exploited a two-year-old vulnerability in VMware software, was typical of automated attacks on servers and databases that have been carried out by hackers for years.

VMware has urged customers to upgrade to the latest versions of its software.

“This is nothing unusual,” said Patrice Auffret, founder of French internet scanning company Onyphe. “The difference is the scale.”

Also uncommon is the highly visible nature of the outbreak, which began earlier this month. Because internet-facing servers were affected, researchers and tracking services like Ransomwhere or Onyphe could easily follow the criminals’ trail.

Digital safety officials in Italy said on Monday that there was no evidence pointing to “aggression by a state or hostile state-like entity.”

Samuli Kononen, an information security specialist at the Finnish National Cyber Security Centre, said the attack was likely carried out by a criminal gang, although he added that it was not particularly sophisticated as many victims had managed to salvage their data without paying a ransom.

“More experienced ransomware groups usually don’t make that kind of mistake,” he said.
