Tag: Ransomware

Cyber security: Hackers step out of the shadows with bigger, bolder attacks

Stealth and secrecy used to be the hallmarks of cyber espionage and cyberwarfare, with spies and hackers sneaking in and out of target networks without leaving a trace or evidence that could be linked back to them. But increasingly, cyber attacks are now carried out in fully public view, and many attackers don’t appear to worry so much about keeping under the radar. Some even seem to go out of their way to make sure they are spotted.

One example of the way cyberattacks have gone public: the WannaCry ransomware caused chaos and made headlines around the world, with many businesses locked out of their PCs by hackers who demanded a bitcoin ransom in exchange for restoring access to data.

Read more about this surprising development on ZDNet.

Backdoors Up 44%, Ransomware Up 43% from 2017

Backdoor and ransomware detections increased 44% and 43%, respectively, in 2018, the same year nearly 30% of computers faced at least one malicious threat online, researchers report.

The Kaspersky Security Bulletin 2018 found malware should be among everyone’s top concerns as we head into the new year. Kaspersky Labs handled 346,000 new malicious files each day in the first 10 months of 2018 and detected 21,643,946 unique malicious objects this year.

Read more about the findings of the Kaspersky report on DarkReading.

Moscow’s New Cable Car System Infected with Ransomware the Day After it Opens

Moscow recently opened its first cable-car service and promised free rides for the first month. Unfortunately, only days after the service was made available, attackers reportedly hacked into the cable car systems and infected them with ransomware.

According to one Russian media report, the main computer for the cable car system was infected with ransomware and was demanding a ransom payment in bitcoins to decrypt the files required for the operation of the cable car.

Read more about the ransomware attack on BleepingComputer.

Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year

Security vendor SonicWall says its customers encountered a total of 91 million attacks overall in the days preceding Thanksgiving and those immediately after: Black Friday, Small Business Saturday, and Cyber Monday.

The number represented an unexpected 34% decrease, or a third fewer attacks, compared with the same period in 2017. The decline was especially sharp on Cyber Monday, which by all early accounts was record-breaking both in terms of the number of online shoppers and sales. However, SonicWall did encounter a sharp increase in ransomware attacks over the online holiday shopping days.

Read more about the findings of the new SonicWall report on DarkReading.

Federal Indictments in SamSam Ransomware Campaign

Two men — Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran — have been indicted in a criminal conspiracy around the creation and distribution of the SamSam ransomware campaign. The indictment, unsealed today, was handed down by a federal grand jury in New Jersey.

According to the six-count indictment, Savandi and Mansouri hit more than 200 victims, mostly in the government, critical infrastructure, and healthcare sectors. The victims included the City of Atlanta; the City of Newark, N.J.; the Port of San Diego; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta; and six health care-related entities.

Read more about the indictments in the SamSam campaign on DarkReading.

Hospitals in Ohio and West Virginia turn away patients after ransomware attack

Two hospitals in Ohio and West Virginia have been forced to turn away emergency patients after their computer systems were crippled in a ransomware attack over the weekend. The hospitals (the Ohio Valley Medical Center in Wheeling, West Virginia, and East Ohio Regional Hospital in Martins Ferry) detected the ransomware attack on Nov. 23. It spread through their networks over the weekend.

The details of the form of ransomware were not known, but the attack caused system failures. The hospitals could not process incoming emergency patients, forcing them to divert those requiring medical treatment to other local hospitals.

Read more about the ransomware attacks on Silicon Angle.

City of Valdez, Alaska admits to paying off ransomware infection

Officials from the city of Valdez, Alaska admitted last week to paying $26,623.97 to hackers after the city’s IT network was crippled by a ransomware infection in July. “Based on recommendations from several cyber-crimes specialists, the City engaged a specialty cyber-incident response and digital forensics firm based out of Virginia,” said the city’s police chief.

Despite the ransomware having infected 27 servers and 170 computers, the third-party firm managed to negotiate the ransom payment down to 4 bitcoin, worth $26,623.97 at the time. The city got off cheap, as ransomware groups usually tend to request between 0.2 and 1 bitcoin per infected system.

Read more about the ransomware attack on the city of Valdez on ZDNet.

Texas hospital becomes victim of Dharma ransomware

The Altus Baytown Hospital (ABH) has revealed a ransomware outbreak which may have led to the leak of patient data. In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization’s systems on roughly September 3.

The “unauthorized party” deployed malicious code and infected the hospital’s systems with a strain of ransomware. The ransomware at fault for the infection is known as Dharma. As with most strains, the malware was able to encrypt files and then demanded a ransom payment in return for access. As the threat actor was present on ABH servers and details are thin on the ground, it is possible data has also made its way into the wrong hands.

Read more about the ransomware attack on a Texas hospital on ZDNet.

Sophos 2019 Threat Report unveils the rise of targeted cyberattacks

Sophos today launched its 2019 Threat Report providing insights into emerging and evolving cybersecurity trends. The report explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.

The SophosLabs 2019 Threat Report found that capitalist cybercriminals are turning to targeted ransomware attacks that are premeditated and reaping millions of dollars in ransom. 2018 saw the advancement of hand-delivered, targeted ransomware attacks that are earning cybercriminals millions of dollars. These attacks are different than ‘spray and pray’ style attacks that are automatically distributed through millions of emails.

Read more about the findings of the new Sophos report on AP News.

Ransomware no. 1 cyberthreat to SMBs

Ransomware continues to dominate the cyberthreat landscape for small- and medium-sized businesses (SMBs), according to a report from Datto. Ransomware was the no. 1 cyberattack experienced by SMBs in 2018, with companies facing these attacks more than viruses or spyware.

The report surveyed 2,400 managed service providers (MSPs) that provide IT support for half a million SMBs globally. It found that ransomware attacks occur frequently, and are expected to increase. More than 55% of those surveyed said their clients experienced a ransomware attack in the first six months of 2018, and 35% said their clients were attacked multiple times in the same day. Some 92% of MSPs said they predict the number of attacks will continue at current or increased rates, the report found.

Read more about the findings of the Datto report on TechRepublic.