A new variant of a ransomware family that first surfaced about two years ago is drawing attention for its ability to spread by exploiting as many as ten different vulnerabilities in Windows and Linux server platforms.
“Lucky,” as the new malware is called, is a variant of Satan, file-encrypting ransomware that first became available as a ransomware-as-a-service offering in January 2017. Like Satan, Lucky is worm-like: it spreads on its own with no human interaction at all. Security vendor NSFocus spotted the variant on systems belonging to some of its financial services customers in late November and described it as likely to cause extensive infections worldwide.
Sextortion email scams have been a very successful way for criminals to generate money. In a sextortion scam, you receive an email claiming that someone has hacked your computer and has been recording video of you while you were visiting adult websites. The email then demands that you send bitcoin, or the videos will be shared with all of your contacts.
Researchers at ProofPoint have spotted a new campaign in which the emails, instead of containing a bitcoin address for the blackmail payment, prompt you to download a video supposedly showing you engaged in certain “activities.” The downloaded zip file, however, contains an executable that installs malware on the computer.
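The practical check for a lure like this is the attachment's contents, not its name. The Python script below is added here as an illustration; it is not part of the ProofPoint research or the original article. It scans a zip archive and flags any entry that either carries an executable extension (including double extensions such as video.mp4.exe, where Explorer hides the real one) or begins with a DOS/PE header regardless of what it is called. The sample archive, the extension list and the minimal PE header bytes are all constructed for the example.

```python
import io
import zipfile

# Extensions Windows will run directly when double-clicked. This list is an
# assumption for the example, not an exhaustive policy.
EXECUTABLE_EXTENSIONS = (
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi",
)


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS header ("MZ") whose e_lfanew field
    (offset 0x3C) points at a "PE\\0\\0" signature, i.e. a Windows executable."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def scan_zip_for_executables(zip_bytes: bytes) -> list:
    """Return one finding per archive entry that is, or is disguised as, an executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            reasons = []
            # Check the name: catches video.mp4.exe even when the icon says "video".
            for ext in EXECUTABLE_EXTENSIONS:
                if lower.endswith(ext):
                    reasons.append("executable extension " + ext)
                    break
            # Check the content: only the header is needed, so read at most 4 KiB
            # of the decompressed stream (also keeps a zip bomb from blowing up memory).
            with zf.open(info) as fh:
                head = fh.read(4096)
            if looks_like_pe(head):
                reasons.append("PE header (MZ/PE) regardless of extension")
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample resembling the lure: two 'videos' that are really PE files."""
    fake_pe = bytearray(b"MZ" + b"\x00" * 0x3A)        # DOS header up to offset 0x3C
    fake_pe += (0x40).to_bytes(4, "little")            # e_lfanew -> 0x40
    fake_pe += b"PE\x00\x00" + b"\x00" * 20            # PE signature, padded
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("video.mp4.exe", bytes(fake_pe))   # double extension
        zf.writestr("video.mp4", bytes(fake_pe))       # video name, executable content
        zf.writestr("readme.txt", b"Watch the video to see what we recorded.")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_for_executables(build_sample_zip()):
        print(finding["name"], finding["size"], "bytes:", "; ".join(finding["reasons"]))
```

Checking the header catches the case the extension check misses: a payload named video.mp4 that is still a PE file. A mail gateway or endpoint rule can apply the same two tests before the user ever sees the "video".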
A U.S. grand jury has indicted two Iranian nationals on charges that they carried out a March ransomware attack against the city of Atlanta, crippling its computer systems and causing millions of dollars in losses. Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri used ransomware known as SamSam to infect roughly 3,789 servers and workstations in Atlanta, the Justice Department said.
The two men, who operated from Iran, were also indicted last week by a federal grand jury in Newark, New Jersey, for a “34-month-long international computer hacking and extortion scheme,” according to the Justice Department.
Read more about the new charges against the Iranian hackers on Bloomberg.
Over 100,000 computers in China have been infected in just a few days with poorly written ransomware that encrypts local files and steals credentials for multiple Chinese online services. The crooks demand a ransom of 110 yuan (about $16) from each victim in exchange for decrypting the files, payable via Tencent’s WeChat payment service by scanning a QR code.
According to a report from Chinese security firm Huorong, the malware, dubbed ‘WeChat Ransom’ in some reports, emerged on December 1, and the number of infected systems had grown to over 100,000 as of December 4. The infection rate accelerated sharply in a single day: the count rose to that figure from just 20,000 the day before.
Stealth and secrecy used to be the hallmarks of cyber espionage and cyberwarfare, with spies and hackers sneaking in and out of target networks without leaving a trace or any evidence that could be linked back to them. Increasingly, though, cyber attacks are carried out in full public view, and many attackers no longer seem to worry much about staying under the radar. Some even appear to go out of their way to make sure they are spotted.
One example of how cyberattacks have gone public: the WannaCry ransomware caused chaos and made headlines around the world, with many businesses locked out of their PCs by attackers who demanded a bitcoin ransom in exchange for restoring access to their data.
Read more about this surprising development on ZDNet.
Backdoor and ransomware detections increased 44% and 43%, respectively, in 2018, the same year nearly 30% of computers faced at least one malicious threat online, researchers report.
The Kaspersky Security Bulletin 2018 found malware should be among everyone’s top concerns as we head into the new year. Kaspersky Labs handled 346,000 new malicious files each day in the first 10 months of 2018 and detected 21,643,946 unique malicious objects this year.
Read more about the findings of the Kaspersky report on DarkReading.
Moscow recently opened its first cable-car service and promised free rides for the first month. Unfortunately, only days after the service became available, attackers reportedly broke into the cable car systems and infected them with ransomware.
According to one Russian media report, the main computer for the cable car system was infected with ransomware that demanded a payment in bitcoin to decrypt the files needed to operate the cable car.
Security vendor SonicWall says its customers encountered a total of 91 million attacks in the days preceding Thanksgiving and those immediately after it: Black Friday, Small Business Saturday, and Cyber Monday.
The figure represents an unexpected 34% decrease, roughly a third fewer attacks, compared with the same period in 2017. The decline was especially sharp on Cyber Monday, which by all early accounts was record-breaking both in the number of online shoppers and in sales. However, SonicWall did see a sharp increase in ransomware attacks over the online holiday shopping days.
Read more about the findings of the new SonicWall report on DarkReading.
Two men — Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran — have been indicted in a criminal conspiracy around the creation and distribution of the SamSam ransomware campaign. The indictment, unsealed today, was handed down by a federal grand jury in New Jersey.
Two hospitals in Ohio and West Virginia have been forced to turn away emergency patients after their computer systems were crippled in a ransomware attack over the weekend. The hospitals, the Ohio Valley Medical Center in Wheeling, West Virginia, and East Ohio Regional Hospital in Martins Ferry, Ohio, detected the ransomware on Nov. 23, and it spread through their networks over the weekend.
The ransomware strain involved was not identified, but the attack caused system failures. The hospitals could not process incoming emergency patients and had to divert those requiring treatment to other local hospitals.