Stealth and secrecy used to be the hallmarks of cyber espionage and cyberwarfare, with spies and hackers sneaking in and out of target networks without leaving a trace or evidence that could be linked back to them. But increasingly, cyberattacks are now carried out in fully public view, and many attackers don’t appear to worry so much about keeping under the radar. Some even seem to go out of their way to make sure they are spotted.
One example of the way cyberattacks have gone public: the WannaCry ransomware caused chaos and made headlines around the world, with many businesses locked out of their PCs by hackers who demanded a bitcoin ransom in exchange for restoring access to data.
Read more about this surprising development on ZDNet.
Backdoor and ransomware detections increased 44% and 43%, respectively, in 2018, the same year nearly 30% of computers faced at least one malicious threat online, researchers report.
The Kaspersky Security Bulletin 2018 found malware should be among everyone’s top concerns as we head into the new year. Kaspersky Lab handled 346,000 new malicious files each day in the first 10 months of 2018 and detected 21,643,946 unique malicious objects this year.
Read more about the findings of the Kaspersky report on DarkReading.
Moscow recently opened its first cable-car service and promised free rides for the first month. Unfortunately, only days after the service was made available, attackers reportedly hacked into the cable car systems and infected them with ransomware.
According to one Russian media report, the main computer for the cable car system was infected with ransomware and was demanding a ransom payment in bitcoins to decrypt the files required for the operation of the cable car.
Security vendor SonicWall says its customers encountered a total of 91 million attacks overall in the days preceding Thanksgiving and those immediately after: Black Friday, Small Business Saturday, and Cyber Monday.
The number represented an unexpected 34% decrease, or a third fewer attacks, compared with the same period in 2017. The decline was especially sharp on Cyber Monday, which by all early accounts was record-breaking both in terms of the number of online shoppers and sales. However, SonicWall did encounter a sharp increase in ransomware attacks over the online holiday shopping days.
Read more about the findings of the new SonicWall report on DarkReading.
Two men — Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran — have been indicted in a criminal conspiracy around the creation and distribution of the SamSam ransomware campaign. The indictment, unsealed today, was handed down by a federal grand jury in New Jersey.
Two hospitals in Ohio and West Virginia have been forced to turn away emergency patients after their computer systems were crippled in a ransomware attack over the weekend. The hospitals (the Ohio Valley Medical Center in Wheeling, West Virginia, and East Ohio Regional Hospital in Martins Ferry) detected the ransomware attack on Nov. 23. It spread through their networks over the weekend.
The details of the form of ransomware were not known, but the attack caused system failures. The hospitals could not process incoming emergency patients, forcing them to divert those requiring medical treatment to other local hospitals.
Officials from the city of Valdez, Alaska admitted last week to paying $26,623.97 to hackers after the city’s IT network was crippled by a ransomware infection in July. “Based on recommendations from several cyber-crimes specialists, the City engaged a specialty cyber-incident response and digital forensics firm based out of Virginia,” said the city’s police chief.
Despite the ransomware having infected 27 servers and 170 computers, the third-party firm managed to negotiate the ransom payment down to 4 bitcoin, worth $26,623.97 at the time. The city got off cheap, as ransomware groups usually tend to request between 0.2 and 1 bitcoin per infected system.
Read more about the ransomware attack on the city of Valdez on ZDNet.
The Altus Baytown Hospital (ABH) has revealed a ransomware outbreak which may have led to the leak of patient data. In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization’s systems on roughly September 3.
The “unauthorized party” deployed malicious code and infected the hospital’s systems with a strain of ransomware. The ransomware at fault for the infection is known as Dharma. As with most strains, the malware was able to encrypt files and then demanded a ransom payment in return for access. As the threat actor was present on ABH servers and details are thin on the ground, it is possible data has also made its way into the wrong hands.
Read more about the ransomware attack on a Texas hospital on ZDNet.
Sophos today launched its 2019 Threat Report providing insights into emerging and evolving cybersecurity trends. The report explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.
The SophosLabs 2019 Threat Report found that capitalist cybercriminals are turning to targeted ransomware attacks that are premeditated and reaping millions of dollars in ransom. 2018 saw the advancement of hand-delivered, targeted ransomware attacks that are earning cybercriminals millions of dollars. These attacks are different than ‘spray and pray’ style attacks that are automatically distributed through millions of emails.
Read more about the findings of the new Sophos report on AP News.
Ransomware continues to dominate the cyberthreat landscape for small- and medium-sized businesses (SMBs), according to a report from Datto. Ransomware was the No. 1 cyberattack experienced by SMBs in 2018, with companies facing these attacks more than viruses or spyware.
The report surveyed 2,400 managed service providers (MSPs) that provide IT support for half a million SMBs globally. It found that ransomware attacks occur frequently, and are expected to increase. More than 55% of those surveyed said their clients experienced a ransomware attack in the first six months of 2018, and 35% said their clients were attacked multiple times in the same day. Some 92% of MSPs said they predict the number of attacks will continue at current or increased rates, the report found.
Read more about the findings of the Datto report on TechRepublic.