Tag: Ransomware

This ransomware just added new tricks to spread faster and infect Windows XP PCs

One of the most active forms of ransomware has been updated with a new means of encrypting data as the gang behind the malware look to ensure it remains as damaging as possible. GandCrab ransomware first emerged in January this year and quickly rose to become one of the most popular forms of the file-locking malware. It’s sold cheaply on the dark web as ‘malware-as-a-service’ and has regularly received updates from its developers.

Now the latest version of the ransomware has been released and contains what researchers at Fortinet describe as “an overhaul in terms of the code structure” – and some new tricks up its sleeve.

Read about the latest version of GandCrab malware which comes packed with a different encryption mechanism and the ability to strike Windows XP machines via an SMB vulnerability, on ZDNet.

New Malware Variant Hits With Ransomware or Cryptomining

A long-known ransom Trojan has added new tactics and a new talent, according to research released by Kaspersky Labs. The Trojan-Ransom.Win32.Rakhni family has been around since 2013, but a new variant does a search of files on the victim’s system and decides whether to launch ransomware — or simply use the computer to mine cryptocurrency.

Researchers identified a new variant of the remote execution downloader that queries the victim’s system on a number of factors, from the existence of Bitcoin storage to the presence of certain virtual machine managers, before deciding which attack to launch.

Read more about the new variant of the Trojan-Ransom.Win32.Rakhni family on DarkReading.

This password-stealing malware just added a new way to infect your PC

A powerful form of malware which can be used to distribute threats including Trojans, ransomware and malicious cryptocurrency mining software has been updated with a new technique which has rarely been seen in the wild.

Distributed in spam email phishing campaigns, Smoke Loader has been sporadically active since 2011 but has continually evolved. The malware has been particularly busy throughout 2018, with campaigns including the distribution of Smoke Loader via fake patches for the Meltdown and Spectre vulnerabilities which emerged earlier this year.

Read more about Smoke Loader malware, the latest version of which uses an injection technique not seen in the wild until now, on ZDNet.

Ransomware: Not dead, just getting a lot sneakier

Last year, high-profile incidents like the WannaCry ransomware outbreak made the file-encrypting malware internet enemy number one. But as 2017 went on the impact of ransomware dwindled and detections of long-standing ransomware families like Locky and Cerber massively declined.

A key factor behind the decline is the rise of cryptocurrency mining malware and low-level cyber criminals shifting their attention to ‘cryptojacking’ as a simpler, less risky means of illicitly making money. So is it all over for ransomware? Perhaps not.

Read why, while there’s been a shift towards cryptojacking attacks, file-encrypting malware is adapting and is still a potent threat to businesses, on ZDNet.

Thanatos ransomware: Free decryption tool released for destructive file-locking malware

Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating that those behind it remain an active threat.

In order to combat the destruction caused by files which can’t be decrypted, researchers at Cisco Talos have built and released a free tool for decrypting the files – ThanatosDecryptor, which is available to download now.

Read more about Thanatos ransomware and the free file decryptor released by researchers at Cisco Talos on ZDNet.

This new Android malware delivers banking trojan, keylogger and ransomware

An experimental form of Android malware delivers a banking trojan, a keylogger and ransomware to those unfortunate enough to fall victim to it. Uncovered by researchers at security company ThreatFabric, the malware was first thought to be an updated version of LokiBot – but as it contains various new features, researchers are labelling it as a new form of malware – MysteryBot.

However, MysteryBot and LokiBot share the same command and control server, indicating a strong link between the two forms of malware, with the potential that they’ve been developed by the same attacker. The malware is also potentially potent, with the trojan capable of controlling the functionality of the infected devices, including the ability to read messages, gather contact information and more.

Read more about the uncovered MysteryBot malware that’s still in development – but has the potential to become a nasty threat, on ZDNet.

Has paying the ransom become business as usual?

Radware released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber attack.

According to the report, 69% of executives said that their company faced a ransom attack in the past year, compared with only 14% noting so in 2016. Meanwhile, two-thirds of executives (66%) report a lack of confidence in their network security, admitting their networks are penetrable by hackers. Beyond more frequent ransom payments, organizations are facing significant consequences and concerns related to cyber-attacks.

Read more about the findings of the new report by Radware on Help Net Security.

Why your security camera footage could be at risk in a ransomware attack

A March ransomware attack on the Atlanta Police Department is still being felt three months later as the department reveals it has irrevocably lost all its dashcam footage due to the incident. The March incident affected all of Atlanta’s city government, resulting in the near paralysis of the city. Like many ransomware attacks in the past year, the one that targeted Atlanta, SamSam, relied on unpatched known vulnerabilities to wreak havoc.

For many IT directors and security professionals, the data that’s considered valuable in a ransomware situation is mission-essential databases, spreadsheets, applications, and the like. As the APD can attest, there are many other kinds of media at risk when ransomware hits. Any data stored on a computer or server infected with ransomware is vulnerable, and that includes video, images, audio, and other types of media.

Read more about the kinds of data that could be lost if a ransomware attack hits your organization, and how to prevent this, on TechRepublic.

To pay hackers’ ransom demands or to invest in more security?

One third of global business decision makers report that their organization would try to cut costs by paying a ransom demand from a hacker rather than invest in information security.

The findings from the latest Risk:Value report, commissioned by NTT Security, show that a further 16 percent are not sure if they would pay or not, leaving just half of respondents prepared to invest in security and take a less reactive approach to the protection of their organization.

Read more about the findings of NTT Security’s annual Risk:Value report, which surveyed 1,800 C-level executives and other decision makers from non-IT functions in 12 countries across Europe, the US and APAC and from across multiple industry sectors, on Help Net Security.

1 in 10 healthcare organizations paid a ransom within the last year

More than one in three healthcare organizations have suffered a cyberattack within the last year, while almost one in 10 have paid a ransom or extortion fee, according to Imperva. Healthcare data is extremely valuable on the dark web as it contains highly sensitive data, both financial and protected health information. As a result, healthcare organizations are increasingly attractive to attackers.

Imperva’s survey of 102 Healthcare IT professionals, which was carried out at the 2018 Healthcare Information and Management Systems Society (HIMSS) Conference, revealed that 77 percent of respondents were very concerned about a cybersecurity event striking their organization and 15 percent admitted that their organization’s ability to handle a cyberattack needed work.

Read more about the findings of the survey by Imperva on Help Net Security.