Flight information screens were blacked out over the weekend at the Bristol Airport in the UK. Airport officials blamed the incident on a ransomware infection that affected the computers running the airport’s in-house TV screens displaying arrival and departure flight information.
The infection appears to have taken root on Friday morning, local time, according to the Bristol Airport’s social media accounts. Airport officials said they did not intend to pay the attacker’s ransom demand and opted to take down their systems while they serviced affected computers. Functionality to affected systems was restored on Sunday morning, local time.
Read more about the ransomware attack on Bristol Airport on ZDNet.
The computer systems in a Florida Keys school district were down for a week due to a ransomware attack. The problems were made worse when, just as the district was bringing some administration and school computers back up, Comcast suffered a day-long outage due to a cut fiber.
Monroe County School District was the victim of a GandCrab ransomware attack. GandCrab, first spotted in January, was dubbed the leading ransomware threat in July. A school district employee working on payroll discovered undisclosed problems on Sunday, September 9, and submitted an IT ticket. IT contacted Symantec and was advised to bring it all down and secure the system.
Read more about the recent GandCrab ransomware attack on CSO.
There’s a new malware carrier in town, and it’s bringing an old piece of ransomware with it in an initial campaign, though researchers warn that there’s no reason that the new exploit kit (which was named “Fallout” by the researchers who found it) could not deliver multiple malware packages.
The Japanese security researchers nao_sec found the initial instance of the software and dubbed it the Fallout Exploit Kit because of its similarity to the previously known Nuclear Pack Exploit Kit. According to nao_sec, the exploit kit uses CVE-2018-4878 and CVE-2018-8174, exploiting first a VBScript vulnerability and then a Flash vulnerability to infect the victim.
Read more about the Fallout exploit kit on DarkReading.
A concentrated spam campaign pushing ransomware is targeting businesses in Europe, encrypting files and demanding victims pay a ransom in order to retrieve them. Dubbed PyLocky by researchers, the malware claims to be Locky, but it’s totally unrelated to what was one of the most prolific ransomware families of last year.
The new ransomware, first observed in July by researchers at Trend Micro, is focused on targets in Europe, with France a particular target for the malware – by late August, almost two thirds of PyLocky spam was being sent to victims in France.
Read more about the new PyLocky ransomware campaign on ZDNet.
While only large-scale attacks such as WannaCry make headlines, small businesses are being hit by ransomware attacks as well. According to Datto’s 2017 Ransomware Report, eighty-six percent of IT managed service providers (MSPs) said their SMB clients have been victimised by ransomware in 2017.
The spike in ransomware attacks means it has never been more important for SMBs to have a reliable business continuity and disaster recovery (BCDR) plan in place. It also means there has never been a better time for MSPs to talk to their clients about implementing a BCDR solution.
Read why Ian van Reenen of Datto believes that ransomware creates a big opportunity for MSPs to educate their SMB clients, on Help Net Security.
Barack Obama’s Everlasting Blue Blackmail Virus Ransomware, as tweeted by MalwareHunterTeam, is perhaps one of the more peculiar strains of ransomware which have emerged over the course of this year.
The Windows-based malware is distributed through spam and phishing campaigns and will first scan an infected system for processes associated with antivirus solutions. As reported by Bleeping Computer, the Obama ransomware will then seek to encrypt .EXE files in Windows folders, which may cause irrevocable damage to an infected PC, thereby giving the victim little incentive to pay the ransom. This could be the result of inept developers or an oversight on their part.
Read more about this peculiar new ransomware strain on ZDNet.
Victims of RansomWarrior, a new form of ransomware discovered in early August, can now retrieve their encrypted files without having to pay a bitcoin ransom. RansomWarrior appears to be the work of Indian hackers. The file-locking malware targets Microsoft Windows users. Victims are shown a ransom note and given instructions to visit a dark web address in order to pay an unspecified ransom in bitcoin cryptocurrency.
Researchers at Check Point analysed RansomWarrior and found it to be the work of seemingly inexperienced attackers, and were able to retrieve the decryption keys from the malware.
Read more about how Check Point researchers were able to recover files encrypted by RansomWarrior ransomware on ZDNet.
It’s become a fact of life that hackers might lock down your computer, blocking access to your most valuable data, and vowing to free it only if you pay up. Ransomware is nothing new, but it’s profitable, and hackers are deploying it left and right.
Mitigating ransomware is actually fairly straightforward. If you have backups, if your network is segmented, really all you have to do is wipe the infected computers, and reimage them from backups. If you’re prepared, the recovery takes maybe 20 minutes. But if it’s so easy to recover from ransomware, why is it still such a problem?
A new ransomware campaign targeting large organisations in the US and around the world has made the attackers behind it over $640,000 in bitcoin in the space of just two weeks, and appears to be connected to Lazarus, the hacking group working out of North Korea.
Ryuk ransomware first emerged in mid-August and in the space of just days infected several organisations across the US, encrypting victims' PCs, storage and data centres and demanding huge Bitcoin ransoms.
Read more about Ryuk ransomware, which is being used in highly targeted attacks, on ZDNet.
The VenusLocker group appears to be back, hatching a fresh GandCrab ransomware campaign, using the EGG niche file type. The emails with EGG attachments are meant to specifically take aim at South Korean users.
Trend Micro researchers, who first observed the offensive campaign in early August, noted that the attachments are being used to deliver the GandCrab v4.3 ransomware. The firm said the rash of emails uses “e-commerce violation” lures.
Read more about the new campaign that could mark yet another reinvention for the VenusLocker group, which has mostly been focused on cryptomining this year, on Threatpost.