Channel: Malware – CBS San Francisco

Scammers Trick Consumers Into Believing Their Computers Are Infected


SAN FRANCISCO (CBS SF) — As tens of thousands of computers in countries around the world were being attacked by hackers demanding bitcoin payment on Friday, the U.S. Federal Trade Commission and its state partners were urging internet users to take measures to protect themselves online.

The ransomware attacks that crippled computer systems in over 60 countries Friday were likely caused when people either clicked on or downloaded malicious files.

Aside from these threats, federal and state authorities warned consumers about scammers who try to gain access to people’s computers by claiming viruses or malware have been found on their computers, and that they can help get rid of them.

“We released the consumer alert regarding tech support scams this morning ahead of the news of the malware cyberattack,” California Attorney General spokeswoman Tania Mercado told CBS San Francisco Friday. “However, today’s news of the attack is a reminder of the importance of remaining vigilant about these types of scams and protecting consumers against attacks on their personal computers.”

The FTC, along with federal, state and international law enforcement partners on Friday announced “Operation Tech Trap,” a crackdown on scammers who trick consumers into believing their computers are infected with viruses and malware, and then charge them hundreds of dollars for unnecessary repairs.

Tech support scammers use convincing tactics to make the consumer believe their computer has been infected.

In the scams — and in the real cybersecurity breaches on Friday — computer users often see countdown clocks, allegedly representing the time remaining before the computer hard drive will be deleted.

While the ransomware attacks on Friday appear to be a real cybersecurity threat that will delete files from computers, by taking advantage of vulnerabilities purportedly identified by the U.S. National Security Agency, the scammers don’t actually have access to the user’s computer yet.

The scammers, according to the California Attorney General’s Office, claim there is a virus, have the user call a phone number, and then try to get the user to grant the scammer access to their computer. Then they demand the user pay them for repairs and anti-virus programs.

In the global cybersecurity breaches happening on Friday, the attackers appear to want payment in bitcoin and hold files on the user’s computer hostage until they receive payment.

By Hannah Albarazi – Follow her on Twitter: @hannahalbarazi.


Victims Of Ransomware Attacks Have Paid $25 Million Last Two Years, Report Says


CBS Local — Ransomware, the malware hackers use to lock victims’ computers and demand money to unlock them, has garnered more than $25 million in payments for those responsible for deploying viruses in just the last two years, The Verge reports.

A study of 34 separate cases of ransomware by researchers from Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering enabled them to better map out the ransomware underworld.

Specifically, they discovered Locky, a strain of ransomware that has alone accrued more than $7 million in payments.

“Locky’s big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines,” said Damon McCoy, a professor at NYU who worked on the study. “Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which were much better at that end of the business.”

Ransomware is a scary byproduct for many and is becoming more and more frequent as the digital world continues to evolve.

Antivirus software is the main defense against ransomware. It blocks code that resembles known ransomware, but hackers have adapted by creating ransomware that automatically changes its code once it is detected.

WhatsApp Reveals Major Security Flaw That Could Let Hackers Access Phones


(CNN) — WhatsApp has revealed a vulnerability in its system that could have allowed hackers access to its users’ phones, with a London-based human rights lawyer possibly among the targets.

The encrypted messaging service, owned by Facebook, said Monday that it had discovered and fixed the vulnerability the attackers had sought to exploit. The hackers could implant malicious code on a victim’s phone by placing a voice call to the victim on WhatsApp — victims may not even have needed to answer the call for their phone to be infected, an expert told CNN Business.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” a WhatsApp spokesperson said in a statement.

While WhatsApp did not name the private company, a source familiar with the investigation into the attack said that company is NSO Group, an Israeli cyber company that has developed a powerful piece of malware designed to spy on its victims.

In a statement provided to CNN on Monday, NSO said, “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”

NSO said its technology was licensed to government agencies “for the sole purpose of fighting crime and terror,” adding that those agencies determine how the technology is used without any involvement from the company.

The Financial Times first reported details of the vulnerability.

Human rights activists targeted?

Among those believed to have been targeted via WhatsApp is a London-based human rights lawyer, who is advising on a case against NSO. NSO has denied targeting the lawyer.

On Sunday, the lawyer received two calls that John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab believes were part of the attack. Citizen Lab is an academic security research group that investigates digital threats to civil society groups and online freedom of expression.

The apparent attempt to breach the lawyer’s phone was not successful, Scott-Railton said, as WhatsApp had patched the vulnerability by Sunday.

Speaking to CNN Business on Tuesday the lawyer, who does not want to be named, said that in March they began receiving suspicious calls on WhatsApp from Swedish and other European phone numbers.

WhatsApp had reached out to Citizen Lab and a number of other groups that work with human rights defenders before publicly acknowledging the attack.

The collaboration between WhatsApp and Citizen Lab helped identify the attempted attack on the London-based lawyer.

Responding specifically to the apparent targeting of the lawyer, NSO Group said in a statement, “NSO would not or could not use its technology in its own right to target any person or organization, including this individual.”

“This is a vulnerability that would have enabled attackers to take over a phone with a missed call,” Scott-Railton said.

In another development before the attack was revealed, Amnesty International announced it would file a petition at the district court of Tel Aviv on Tuesday demanding Israel withdraw NSO’s export license, Amnesty’s lawyer told CNN Business.

The group claims that NSO software “threatens the rights to privacy and to freedom of opinion and expression, in breach of Israel’s obligations under international human rights law.”

It said one of its researchers had been targeted via a WhatsApp message containing NSO’s spying software in 2018 while working on a campaign to release six women’s rights activists detained in Saudi Arabia.

How to update your WhatsApp

WhatsApp said while it has fixed the vulnerability the attackers were exploiting, it is also encouraging users to update to the latest version of the WhatsApp app “out of an abundance of caution.” The company said it has also contacted US law enforcement.

On Monday night, the Democratic National Committee advised 2020 Democratic presidential campaign staff who use WhatsApp to update their apps to the most recent version of the service, a source familiar with the warning told CNN Business.

Ireland’s Data Protection Commission, which supervises Facebook’s activities in Europe, said it had been informed of the vulnerability on Monday, adding it was unclear at this stage whether any EU user data had been affected.

Still, it too urged users to ensure they update WhatsApp on their devices.

Here’s how:

On an iPhone

— Open the App Store and select updates.

— Select “WhatsApp” and Update.

On an Android device

— Open the Play Store and tap on the 3 lines in the upper left corner.

— Select “My apps & games” from the menu.

— Select “WhatsApp” and select Update.

The-CNN-Wire ™ & © 2019 Cable News Network, Inc., a Time Warner Company. All rights reserved.

State-Sponsored Hackers Infected iPhones With Spyware; ‘Most Serious’ Breach Of Its Kind


SAN FRANCISCO (AP) — Researchers say suspected nation-state hackers infected Apple iPhones with spyware over two years in what security experts on Friday called an alarming security failure for a company whose calling card is privacy.

A mere visit to one of a small number of tainted websites could infect an iPhone with an implant capable of sending the smartphone owner’s text messages, email, photos and real-time location data to the cyberspies behind the operation.

“This is definitely the most serious iPhone hacking incident that’s ever been brought to public attention, both because of the indiscriminate targeting and the amount of data compromised by the implant,” said former U.S. government hacker Jake Williams, the president of Rendition Security.

Announced late Thursday by Google researchers, the last of the vulnerabilities were quietly fixed by Apple by February but only after thousands of iPhone users were believed exposed over more than two years.

The researchers did not identify the websites used to seed the spyware or their location. They also did not say who was behind the cyberespionage or what population was targeted, but experts said the operation had the hallmarks of a nation-state effort.

Williams said the spyware implant wasn’t written to transmit stolen data securely, indicating the hackers were not concerned about getting caught. That suggests an authoritarian state was behind it. He speculated that it was likely used to target political dissidents.

Sensitive data accessed by the spyware included WhatsApp, iMessage and Telegram text messages, Gmail, photos, contacts and real-time location — essentially all the databases on the victim’s phone. While the messaging applications may encrypt data in transit, it is readable at rest on iPhones.

Google researcher Ian Beer said in a blog posted late Thursday that the discovery should dispel any notion that it costs a million dollars to successfully hack an iPhone. That’s a reference to the case of a United Arab Emirates dissident whose iPhone was infected in 2016 with so-called zero-day exploits, which have been known to fetch such high prices.

“Zero day” refers to the fact that such exploits are unknown to the developers of the affected software, and thus they have had no time to develop patches to fix it.

The discovery, involving 14 such vulnerabilities, was made by Google researchers at Project Zero, which hunts the security flaws in software and microprocessor firmware, independent of their manufacturer, that criminals, state-sponsored hackers and intelligence agencies use.

“This should serve as a wake-up call to folks,” said Will Strafach, a mobile security expert with Sudo Security. “Anyone on any platform could potentially get infected with malware.”

Beer said his team estimated that the infected websites used in the “indiscriminate watering hole attacks” receive thousands of visitors per week. He said the team collected five separate chains of exploits covering Apple’s iOS system as far back as version 10, released in 2016.

Apple did not respond to requests for comment on why it did not detect the vulnerabilities on its own and if it can assure users that such a general attack could not happen again. Privacy assurance is central to the Apple brand.

Neither Google nor Beer responded to questions about the attackers or the targets, though Beer provided a hint in his blog post: “To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.”

Security manager Matt Lourens at Check Point Software Technologies called the development an alarming game-changer. He said that while iPhone owners previously compromised by zero days were high-value targets, a more widespread seeding of spyware at a lower cost per infection has now been shown possible.

“This should absolutely reshape the way corporations view the use of mobile devices for corporate applications, and the security risk it introduces to the individual and/or organization,” Lourens said in an email.

In his blog post, the Google researcher Beer warned that absolute digital security can’t be guaranteed.

Smartphone users must ultimately “be conscious of the fact that mass exploitation still exists and behave accordingly,” he wrote, “treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”


© Copyright 2019 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

UCSF Medical School Officials Pay Hackers $1.14 Million Ransom To Recover Stolen Data


SAN FRANCISCO (CBS SF) — Hackers who attacked computer servers at the University of California at San Francisco School of Medicine were paid a ransom of more than $1 million so researchers could regain access to data that had been maliciously encrypted by malware, according to university officials.

The school’s Information Technology staff detected a security incident on June 1 and the affected areas, described as “a limited number of servers in the School of Medicine,” were isolated from the UCSF core network.

The attack left the servers inaccessible, and malware uploaded during the breach encrypted data on the affected servers, which the attackers then used as proof of what had been perpetrated.

“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” the university said in a news release. “We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

Officials emphasized that the attack did not affect patient care, its novel coronavirus work or the overall campus network.

The university said it is working with a cyber-security consultant and other outside experts to investigate the attack and bolster system defenses.

The tainted servers are expected to be restored in the near future.

“This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education,” the university said. “We continue to cooperate with law enforcement, and we appreciate everyone’s understanding that we are limited in what we can share while we continue with our investigation.”

© Copyright 2020 CBS Broadcasting Inc. and Bay City News. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed

Mysterious Malware Reportedly Infects Nearly 30,000 Macs Worldwide


CUPERTINO (CBS / CNN) — Nearly 30,000 Macs worldwide have been infected with mysterious malware, according to researchers at security firm Red Canary.

The issue was somewhat confounding to Red Canary researchers, who said it’s not clear what the malware’s goal is. In a blog post, the firm said it did not observe the malware delivering “malicious payloads” — essentially, harmful actions against a device.

The malware, which the company calls Silver Sparrow, does not “exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems,” Tony Lambert, an intelligence analyst at Red Canary wrote.

Silver Sparrow includes a self-destruct mechanism that appears to have not been used, researchers said, adding that it’s unclear what would trigger that function. They are also uncertain of how the malware got onto infected computers, though they believe it may have been through malicious search results.

The researchers found that Silver Sparrow contains code that runs natively on Apple’s in-house M1 chip, released in November, making it only the second known malware to do so. However, this doesn’t necessarily raise red flags about the chip itself.

“New technology is going to be adopted by everybody — good guys, bad guys, everybody in between — it’s definitely something that’s going to happen,” Red Canary Intelligence Expert Tony Lambert said.

Though it’s unclear what the intent of the malware is, Red Canary said it decided to report the findings because its “forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat,” researchers wrote.

Researchers believe Silver Sparrow emerged and began infecting devices sometime last year.

Silver Sparrow infected 29,139 Macs in 153 countries as of February 17, with higher concentrations reported in the United States, United Kingdom, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks. While that number seems large, it’s a small fraction of the millions of Macs in use around the world, though it’s possible there are infected devices not identified by researchers.

Apple, headquartered in Cupertino, revoked the developer certificates used by the malware, a company spokesperson said, which will prevent any future infections. Revoking the developer certificates also creates barriers for any existing malware infections to be able to take additional actions.

Red Canary detailed some “indicators of compromise” in its blog post. For the average consumer, Lambert said he recommends simply using a reputable anti-virus or anti-malware program as a backstop to the existing protections that Apple builds into the MacOS operating system, which are known for being strong.

© Copyright 2021 CNN. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

Russian To Be Deported After Failed Tesla Ransomware Plot


RENO, Nev. (CBS / AP) — A Russian man was sentenced Monday to what amounted to time already served and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant in a bid to steal company secrets for ransom.

Egor Igorevich Kriuchkov, appearing by videoconference from jail, apologized after U.S. District Judge Miranda Du in Reno acknowledged the attempted hack was not successful and the company network was not compromised.

“I’m sorry for my decision. I regret it,” the 27-year-old Kriuchkov said through a Russian-language court interpreter.

Chris Frey, his court-appointed attorney, said Kriuchkov speaks fluent English, but the judge provided the interpreter anyway.

Kriuchkov said the nine months he has been in U.S. custody made him reflect on the pain he caused his family in Russia and the damage caused to his reputation. Several family members sent email messages to the judge seeking leniency.

“I understand it was a bad decision,” said Kriuchkov, who could have faced up to five years in prison and a $250,000 fine.

The judge, who agreed not to use the company name in court, went along with a plea agreement reached between prosecutors and Kriuchkov.

He was sentenced to 10 months in custody for his guilty plea in March to conspiracy to intentionally cause damage to a protected computer; to pay about $14,825 in restitution for company time investigating the attempted intrusion and turning the case over to the FBI; and three years of federal supervision if he remains in the U.S. or returns from abroad. He will remain in custody until he leaves the country.

Tesla CEO Elon Musk acknowledged after Kriuchkov’s arrest in August in Los Angeles that the company had been the target of what Musk termed a serious effort to collect company secrets. Federal authorities had said Kriuchkov was heading to an airport to fly out of the country.

Tesla, which is headquartered in the Bay Area, has a massive factory near Reno that makes batteries for electric vehicles and energy storage units. Company officials did not immediately respond Monday to messages seeking comment.

The judge put the amount Kriuchkov offered to pay the unidentified employee at $500,000. She did not address previous reports that the bribe amounted to $1 million.

Federal authorities credited the employee with reporting Kriuchkov’s overtures to company officials.

The hack was designed as a distributed denial-of-service attack, using junk data to flood the Tesla computer system, while a second intrusion would let co-conspirators extract data from the company network and demand ransom with the threat of making the information public.

Other suspected co-conspirators are identified in court documents by nicknames, and references are made to at least one other failed effort to target another unidentified company.

Kriuchkov told a judge in September that he knew the Russian government was aware of his case, but prosecutors and the FBI never alleged ties to the Kremlin.

“There’s no question the offense is serious,” Du said, citing concerns about “these types of cyber-ransom offenses” in the U.S. and other countries. “Fortunately, the scheme was not successful.”

© Copyright 2021 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.
