Tag: Ransomware

This new ransomware campaign targets business and demands a massive bitcoin ransom

A new ransomware campaign targeting large organisations in the US and around the world has made the attackers behind it over $640,000 in bitcoin in the space of just two weeks, and appears to be connected to Lazarus, the hacking group working out of North Korea.

Ryuk ransomware first emerged in mid-August and in the space of just days infected several organisations across the US, encrypting victims' PCs, storage and data centres and demanding huge Bitcoin ransoms.

Read more about Ryuk ransomware, which is being used in highly targeted attacks, on ZDNet.

GandCrab’s Rotten EGGs Hatch Ransomware in South Korea

The VenusLocker group appears to be back, hatching a fresh GandCrab ransomware campaign that uses the niche EGG file type. The emails with EGG attachments are meant to specifically take aim at South Korean users.

Trend Micro researchers, who first observed the offensive campaign in early August, noted that the attachments are being used to deliver the GandCrab v4.3 ransomware. The firm said the rash of emails uses “e-commerce violation” lures.

Read more about the new campaign that could mark yet another reinvention for the VenusLocker group, which has mostly been focused on cryptomining this year, on Threatpost.

Former Microsoft Engineer Gets 18 Months in Prison for Role in Ransomware Scheme

A former Microsoft network engineer has been sentenced to 18 months in prison for his role in helping launder money obtained from victims of the Reveton ransomware. Uadiale admitted to helping cash ransom payments obtained by a cybercriminal who distributed Reveton ransomware.

This happened in the early days of ransomware, between October 2012 and March 2013. Reveton operators asked victims to pay using GreenDot MoneyPak vouchers, which Uadiale would then convert into the Liberty Reserve digital currency, keeping 30% of the money as a cut for his services.

Read more about the Reveton ransomware money laundering operations on BleepingComputer.

New ransomware arrives with a hidden feature that hints at more sophisticated attacks to come

A new form of ransomware is spreading to victims around the world and the way it’s built suggests those behind it could use it to launch more sophisticated attacks in future.

KeyPass ransomware first appeared on 8 August and so far has spread to hundreds of victims in more than 20 countries around the world via fake software installers which download the ransomware onto the victim’s PC.

Read more about KeyPass ransomware, which comes with the additional option for the attackers to take manual control of an infected system according to researchers at Kaspersky Lab, on ZDNet.

Ransomware Attacks: A Quantum Leap from Quantity to Quality

The cybersecurity attack landscape moves fast, really fast. Last year, not a week passed that didn’t bring about news on a new ransomware incident. Fast forward a year and by all accounts ransomware incidents are on the decline – by as much as 32% according to some reports.

Dig a little deeper and we see that, for enterprises, the ransomware threat is actually not going away anytime soon. For while attack volume may have declined, ransomware attacks have evolved to be more sophisticated, targeted and effective against unsuspecting users and unprepared organizations.

Read more about the evolution of ransomware attacks and learn how you can protect your organization from this threat on Security Magazine.

SamSam Ransomware Crew Made Nearly $6 Million From Ransom Payments

The SamSam ransomware has earned its creator(s) more than $5.9 million in ransom payments since late 2015, according to the most comprehensive report ever published on SamSam’s activity, containing information since the ransomware’s launch in late 2015 and up to attacks that have happened earlier this month.

Compiled by UK cyber-security firm Sophos, the 47-page report is a result of researchers collecting data from past attacks, talking to victims, and data-mining public and private sources for SamSam samples that might have slipped through the cracks.

Read more about the findings of the elaborate report on SamSam ransomware on BleepingComputer.

Ransomware Infection Cripples Shipping Giant COSCO’s American Network

A ransomware infection has crippled the US network of one of the world’s largest shipping giants, COSCO (China Ocean Shipping Company). “Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment,” said the company in a press release. “For safety precautions, we have shut down the connections with other regions for further investigations.”

But while the company described the incident as a “network breakdown,” according to internal emails seen by several maritime news sites, the company referred to the incident as a ransomware infection.

Read more about the ransomware attack on shipping giant COSCO’s American network on BleepingComputer.

This old ransomware has been revamped as Bitcoin-stealing malware

An old form of ransomware has been re-purposed to steal bitcoin by altering the addresses of wallets and redirecting payments into accounts owned by the attacker. Little of the malicious code has been changed so a number of security products will still identify it as the file-locking malware, despite this version’s new role in outright stealing cryptocurrency.

Detailed by researchers at Fortinet, this Bitcoin-stealing campaign has its origins in Jigsaw – a form of ransomware which appeared in April 2016 and is infamous for displaying the face of the horror film antagonist it is named after.

Read more about the new Bitcoin-stealing campaign that is based on Jigsaw ransomware on ZDNet.

Samsam infected thousands of LabCorp systems via brute force RDP

LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn’t result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production servers.

The wider public first learned about the LabCorp incident on Monday, when the company disclosed it via an 8-K filing with the SEC. Since then, as recovery efforts continue, the company said they’re at about 90-percent operational capacity.

Read more about the SamSam ransomware attack on LabCorp, which was contained within 50 minutes, on CSO.

Ransomware back in big way, 181.5 million attacks since January

SonicWall announces record numbers for malware volume, ransomware attacks, encrypted threats and chip-based attacks in the mid-year update of the 2018 SonicWall Cyber Threat Report.

The malware boom of 2017 has shown no signs of stopping through the first half of 2018. SonicWall Capture Labs threat researchers recorded 5.99 billion malware attacks during the first two quarters of the year. At this same point in 2017, SonicWall logged 2.97 billion malware attacks. SonicWall also shows ransomware attacks surging in the first six months of 2018.

Read more about the findings of the mid-year update of the 2018 SonicWall Cyber Threat Report on Help Net Security.