Tag: Ransomware

This password-stealing malware just added a new way to infect your PC

A powerful form of malware which can be used to distribute threats including Trojans, ransomware and malicious cryptocurrency mining software has been updated with a new technique which has rarely been seen in the wild.

Distributed in spam email phishing campaigns, Smoke Loader has been sporadically active since 2011 but has continually evolved. The malware has been particularly busy throughout 2018, with campaigns including the distribution of Smoke Loader via fake patches for the Meltdown and Spectre vulnerabilities which emerged earlier this year.

Read more about Smoke Loader malware, the latest version of which uses an injection technique not seen in the wild until now, on ZDNet.

Ransomware: Not dead, just getting a lot sneakier

Last year, high-profile incidents like the WannaCry ransomware outbreak made the file-encrypting malware internet enemy number one. But as 2017 went on, the impact of ransomware dwindled and detections of long-standing ransomware families like Locky and Cerber massively declined.

A key factor behind the decline is the rise of cryptocurrency mining malware and low-level cyber criminals shifting their attention to ‘cryptojacking’ as a simpler, less risky means of illicitly making money. So is it all over for ransomware? Perhaps not.

Read why, while there’s been a shift towards cryptojacking attacks, file-encrypting malware is adapting and is still a potent threat to businesses, on ZDNet.

Thanatos ransomware: Free decryption tool released for destructive file-locking malware

Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating that those behind it remain an active threat.

In order to combat the destruction caused by files which can’t be decrypted, researchers at Cisco Talos have built and released a free tool for decrypting the files – ThanatosDecryptor, which is available to download now.

Read more about Thanatos ransomware and the free file decryptor released by researchers at Cisco Talos on ZDNet.

This new Android malware delivers banking trojan, keylogger and ransomware

An experimental form of Android malware delivers a banking trojan, a keylogger and ransomware to those unfortunate enough to fall victim to it. Uncovered by researchers at security company ThreatFabric, the malware was first thought to be an updated version of LokiBot – but as it contains various new features, researchers are labelling it as a new form of malware – MysteryBot.

However, MysteryBot and LokiBot share the same command and control server, indicating a strong link between the two forms of malware, with the potential that they’ve been developed by the same attacker. The malware is also potentially potent, with the trojan capable of controlling the functionality of the infected devices, including the ability to read messages, gather contact information and more.

Read more about the uncovered MysteryBot malware that’s still in development – but has the potential to become a nasty threat, on ZDNet.

Has paying the ransom become business as usual?

Radware released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber attack.

According to the report, 69% of executives said that their company faced a ransom attack in the past year, compared with only 14% noting so in 2016. Meanwhile, two-thirds of executives (66%) report a lack of confidence in their network security, admitting their networks are penetrable by hackers. Beyond more frequent ransom payments, organizations are facing significant consequences and concerns related to cyber-attacks.

Read more about the findings of the new report by Radware on Help Net Security.

Why your security camera footage could be at risk in a ransomware attack

A March ransomware attack on the Atlanta Police Department is still being felt three months later as the department reveals it has irrevocably lost all its dashcam footage due to the incident. The March incident affected all of Atlanta’s city government, resulting in the near paralysis of the city. Like many ransomware attacks in the past year, the one that targeted Atlanta, SamSam, relied on unpatched known vulnerabilities to wreak havoc.

For many IT directors and security professionals, the data that’s considered valuable in a ransomware situation is mission-essential databases, spreadsheets, applications, and the like. As the APD can attest, there are many other kinds of media at risk when ransomware hits. Any data stored on a computer or server infected with ransomware is vulnerable, and that includes video, images, audio, and other types of media.

Read more about the kinds of data that could be lost if a ransomware attack hits your organization, and how to prevent this, on TechRepublic.

To pay hackers’ ransom demands or to invest in more security?

One third of global business decision makers report that their organization would try to cut costs by paying a ransom demand from a hacker rather than invest in information security.

The findings from the latest Risk:Value report, commissioned by NTT Security, show that a further 16 percent are not sure if they would pay or not, leaving just half of respondents prepared to invest in security and take a less reactive approach to the protection of their organization.

Read more about the findings of NTT Security’s annual Risk:Value report, which surveyed 1,800 C-level executives and other decision makers from non-IT functions in 12 countries across Europe, the US and APAC and from across multiple industry sectors, on Help Net Security.

1 in 10 healthcare organizations paid a ransom within the last year

More than one in three healthcare organizations have suffered a cyberattack within the last year, while almost one in 10 have paid a ransom or extortion fee, according to Imperva. Healthcare data is extremely valuable on the dark web as it contains highly sensitive data, both financial and protected health information. As a result, healthcare organizations are increasingly attractive to attackers.

Imperva’s survey of 102 Healthcare IT professionals, which was carried out at the 2018 Healthcare Information and Management Systems Society (HIMSS) Conference, revealed that 77 percent of respondents were very concerned about a cybersecurity event striking their organization and 15 percent admitted that their organization’s ability to handle a cyberattack needed work.

Read more about the findings of the survey by Imperva on Help Net Security.


Gandcrab Ransomware Exploits Website Vulnerabilities

Researchers at Cisco Talos have detected a new batch of Gandcrab ransomware being distributed through legitimate but poorly secured sites. Gandcrab, among the newest threats in the ransomware space, started as a simple attack and quickly evolved as its authors adapted to security defenses. In the first two months of 2018, attackers infected more than 50,000 victims and generated more than $600,000. This threat spreads via spam campaigns and exploit kits including Rig and Grandsoft.

Talos researchers were analyzing a recent spam campaign when they found a series of compromised sites delivering Gandcrab, and they went on to identify four separate campaigns over the period of one week. The first started on April 30 and was disguised as an online order. An attached ZIP file has a Word document that downloads and executes the ransomware. Emails contained either VBScripts or ZIP files but always delivered the same result.

Read more about the campaigns distributing Gandcrab ransomware on legitimate websites with poor security measures on DarkReading.

Organisations across the UK are still struggling with ransomware

A year after the WannaCry ransomware attack impacted an estimated 200,000 victims, new research has revealed that organisations across the UK are still struggling to deal with ransomware. Webroot surveyed over 400 IT decision makers at UK businesses and found that 45 per cent of those surveyed had suffered a ransomware attack, with nearly a quarter (23 per cent) actually paying the ransom. Despite this finding, 88 per cent of organisations feel better equipped to deal with an attack following WannaCry, suggesting a sense of false confidence.

This sentiment is magnified in the healthcare industry, where organisations are more prone to attack than other industries surveyed. Over half of healthcare companies polled (52 per cent) suffered an attack. Despite this, 98 per cent of respondents in the healthcare sector feel better equipped to deal with a ransomware attack than a year ago.

Read more about the findings of the new Webroot survey on Help Net Security.