A new ransomware campaign targeting large organisations in the US and around the world has made the attackers behind it over $640,000 in bitcoin in the space of just two weeks, and appears to be connected to Lazarus, the hacking group working out of North Korea.
Ryuk ransomware first emerged in mid-August and in the space of just days infected several organisations across the US, encrypting victims' PCs, storage and data centres and demanding huge Bitcoin ransoms.
Read more about Ryuk ransomware, which is being used in highly targeted attacks, on ZDNet.
The VenusLocker group appears to be back, hatching a fresh GandCrab ransomware campaign that uses the niche EGG file type. The emails with EGG attachments are meant to specifically take aim at South Korean users.
Trend Micro researchers, who first observed the offensive campaign in early August, noted that the attachments are being used to deliver the GandCrab v4.3 ransomware. The firm said the rash of emails uses “e-commerce violation” lures.
Read more about the new campaign that could mark yet another reinvention for the VenusLocker group, which has mostly been focused on cryptomining this year, on Threatpost.
A former Microsoft network engineer has been sentenced to 18 months in prison for his role in helping launder money obtained from victims of the Reveton ransomware. Uadiale admitted to helping cash ransom payments obtained by a cybercriminal who distributed Reveton ransomware.
This happened in the early days of ransomware, between October 2012 and March 2013. Reveton operators asked victims to pay using GreenDot MoneyPak vouchers, which Uadiale would then convert into the Liberty Reserve digital currency, keeping 30% of the money as a cut for his services.
Read more about the Reveton ransomware money laundering operations on BleepingComputer.
A new form of ransomware is spreading to victims around the world and the way it’s built suggests those behind it could use it to launch more sophisticated attacks in future.
KeyPass ransomware first appeared on 8 August and so far has spread to hundreds of victims in more than 20 countries around the world via fake software installers which download the ransomware onto the victim’s PC.
Read more about KeyPass ransomware, which comes with the additional option for the attackers to take manual control of an infected system according to researchers at Kaspersky Lab, on ZDNet.
The cybersecurity attack landscape moves fast, really fast. Last year, not a week passed that didn’t bring about news on a new ransomware incident. Fast forward a year and by all accounts ransomware incidents are on the decline – by as much as 32% according to some reports.
Dig a little deeper and we see that, for enterprises, the ransomware threat is actually not going away anytime soon. For while attack volume may have declined, ransomware attacks have evolved to be more sophisticated, targeted and effective against unsuspecting users and unprepared organizations.
Read more about the evolution of ransomware attacks and learn how you can protect your organization from this threat on Security Magazine.
The SamSam ransomware has earned its creator(s) more than $5.9 million in ransom payments since late 2015, according to the most comprehensive report ever published on SamSam’s activity, containing information since the ransomware’s launch in late 2015 and up to attacks that have happened earlier this month.
Compiled by UK cyber-security firm Sophos, the 47-page report is a result of researchers collecting data from past attacks, talking to victims, and data-mining public and private sources for SamSam samples that might have slipped through the cracks.
Read more about the findings of the elaborate report on SamSam ransomware on BleepingComputer.
A ransomware infection has crippled the US network of one of the world’s largest shipping giants, COSCO (China Ocean Shipping Company). “Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment,” said the company in a press release. “For safety precautions, we have shut down the connections with other regions for further investigations.”
But while the company described the incident as a “network breakdown,” according to internal emails seen by several maritime news sites [1, 2], the company referred to the incident as a ransomware infection.
Read more about the ransomware attack on shipping giant COSCO’s American network on BleepingComputer.
An old form of ransomware has been re-purposed to steal bitcoin by altering the addresses of wallets and redirecting payments into accounts owned by the attacker. Little of the malicious code has been changed so a number of security products will still identify it as the file-locking malware, despite this version’s new role in outright stealing cryptocurrency.
LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn’t result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production servers.
SonicWall announces record numbers for malware volume, ransomware attacks, encrypted threats and chip-based attacks in the mid-year update of the 2018 SonicWall Cyber Threat Report.
The malware boom of 2017 has shown no signs of stopping through the first half of 2018. SonicWall Capture Labs threat researchers recorded 5.99 billion malware attacks during the first two quarters of the year. At this same point in 2017, SonicWall logged 2.97 billion malware attacks. SonicWall also shows ransomware attacks surging in the first six months of 2018.
Read more about the findings of the mid-year update of the 2018 SonicWall Cyber Threat Report on Help Net Security.