Archive for the ‘ransomware’ Category

Canon DSLR Cameras Can Be Hacked With Ransomware Remotely

August 12th, 2019
The threat of ransomware is becoming more prevalent and severe as attackers' focus has moved beyond computers to smartphones and other Internet-connected devices. In its latest research, cybersecurity firm Check Point demonstrated how easily an attacker can remotely infect a DSLR camera with ransomware and hold private photos and videos hostage

Posted in Camera, Camera security, Canon DSLR Camera, cyber security, hacking DSLR camera, How to hack DSLR camera, ransomware, Vulnerability, wifi hacking

Ransomware, “wiper” malware attacks have more than doubled, IBM team says

August 5th, 2019
RYAZAN, RUSSIA - JUNE 28, 2017: The silhouette of a young man against a red background with a projected message related to the Petya ransomware; on 27 June 2017 a variant of the Petya ransomware virus hit computers of companies in Russia, Ukraine, and other countries in a cyber attack. (credit: Alexander Ryumin/TASS via Getty Images)

It would be hard to miss the rise of ransomware attacks given how visible some have been this year. With multiple state and local governments set back on their heels by ransomware—including the RobbinHood ransomware attack in May that the City of Baltimore is still recovering from, to the tune of $10 million in recovery costs and $8 million in lost revenue—ransomware attacks have become an almost daily part of the news. But these attacks against municipal and state governments are only the most high profile part of a much larger trend, according to a report issued by IBM's X-Force Incident Response and Intelligence Services (IRIS) today.

According to data from X-Force IRIS, the ransomware problem is part of a much larger overall increase in destructive malware attacks that has been spiking over the past six months. X-Force's response to cases of destructive malware increased 200 percent between January and July 2019 compared with the previous six-month period.

"Of those destructive malware cases, 50% targeted organizations in the manufacturing industry," the researchers noted. "Other sectors significantly affected included oil and gas and education. Most of the destructive attacks we have observed hit organizations in Europe, the United States, and the Middle East."


Posted in Baltimore City ransomware, Biz & IT, ransomware, Wiper malware

Ransomware Attack Caused Power Outages in the Biggest South African City

July 26th, 2019
Yesterday, some residents of Johannesburg, the largest city in South Africa, were left without electricity after the city's power utility was hit by ransomware. City Power, the utility that supplies electricity to Johannesburg, South Africa's financial capital, confirmed Thursday on Twitter that it had been hit by ransomware that encrypted all of its databases, applications

Posted in computer virus, Cyber Attack, Malware attack, power Outage, ransomware, ransomware attack, ransomware malware

Whitehats use DoS attack to score key victory against ransomware crooks

July 10th, 2019
A diagram showing how a DoS shut down an ongoing ransomware campaign. (credit: Intezer)

Whitehats used a novel denial-of-service hack to score a key victory against ransomware criminals. Unfortunately, the blackhats have struck back by updating their infrastructure, leaving the fight with no clear winner.

Researchers at security firm Intezer performed the DoS technique against ransomware dubbed QNAPCrypt, a largely undetected strain that, as its name suggests, infects network storage devices made by Taiwan-based QNAP Systems and possibly other manufacturers. The malware spread over secure shell (SSH) by logging in to devices that used weak passwords. The researchers' analysis found that each victim received a unique bitcoin wallet for sending ransoms, a measure most likely intended to keep the attackers from being traced. The analysis also showed that QNAPCrypt only encrypted a device after it had received the wallet address and a public RSA key from the command-and-control server.

Intezer researchers soon noticed two key weaknesses in that process:


Posted in Biz & IT, exploits, NAS, network attached storage, ransomware, vulnerabilities

Georgia court systems recovering from apparent Ryuk ransomware

July 2nd, 2019
A ransom note is plastered across a laptop monitor. The latest victim of an apparent wave of Ryuk ransomware has managed to fend off paying attackers, but not everyone is getting away unscathed. (credit: Getty Images)

A spokesman for Georgia's Administrative Office of the Courts has confirmed that the AOC's information technology team discovered ransomware on the organization's servers on Saturday. While the spokesman could not provide specific details about the ransomware involved in the attack, its characteristics are consistent with the Ryuk ransomware that has struck multiple companies and government agencies over the past few months—including at least two Florida cities.

Bruce Shaw, communications and outreach specialist for the AOC, told Ars that a file containing contact information for the ransomware operators was left on the affected servers but that no specific ransom was demanded. "After an assessment of our system, it was determined that it would be best to take our network offline," Shaw said.

The attack's effects were isolated to servers providing the AOC's applications, including case management. "Individual courts' networks are not affected," Shaw said. "Only courts who use applications hosted by our network might experience some delay in their local operations. Our understanding is that all courts are operational, but some processes normally handled by our applications may be impacted."


Posted in Baltimore ransomware attack, Biz & IT, Florida ransomware, Georgia, ransomware, ryuk

Ryuk, Ryuk, Ryuk: Georgia’s courts hit by ransomware

July 1st, 2019
Court systems in Georgia are down due to a ransomware attack. Surprise. (credit: Rivers Langley / SaveRivers / Wikimedia)

Georgia's Judicial Council and Administrative Office of the Courts is the victim of the latest ransomware attack against state and local agencies. And this looks like the same type of attack that took down the systems of at least two Florida municipal governments in June.

Administrative Office of the Courts spokesman Bruce Shaw confirmed the ransomware attack to Atlanta's Channel 11 News. The Administrative Office of the Courts' website is currently offline.

Shaw told 11 News that some systems had not been affected by the ransomware but that all systems connected to the network had been taken offline to prevent the ransomware from spreading. The Courts' IT department was in contact with "external agencies" to coordinate a response to the attack, Shaw said.


Posted in Atlanta, Biz & IT, Florida, ransomware, ryuk

Florida LAN: Someone clicks link, again, giving Key Biscayne ransomware

June 28th, 2019
Key Biscayne, Florida, is the third Florida local government to get hit by ransomware within a month. (credit: Alicia Vera/Bloomberg via Getty Images)

A third Florida local government has reported that it has been struck by ransomware. Key Biscayne joins Lake City as a victim of Ryuk, a form of ransomware first spotted in August of 2018. Ryuk was the final piece of what has been labeled the "Triple Threat" attack, the other two threats being the Emotet and TrickBot malware.

While the attack on Riviera Beach, Florida revealed last week was similar—all three cases start with a city employee clicking on an attachment in email and unleashing malware—it's not certain if that attack was also based on Ryuk.

Ryuk is targeted ransomware, originally linked to the North Korean "Lazarus" threat group, but it now appears to have been adopted by non-state criminal ransomware operators as well. It comes with a tailored ransom note that directs victims to contact the attacker via email. It has been known to lie dormant for up to a year before executing.


Posted in Biz & IT, Emotet, Florida, ransomware, ryuk, TrickBot

“We need to up our game”—DHS cybersecurity director on Iran and ransomware

June 28th, 2019
Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, at a recent Senate hearing. Krebs issued a warning earlier this week on a surge in Iranian state-sponsored "malicious cyber activity." (credit: Tom Williams/CQ Roll Call via Getty Images)

Last weekend, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs issued a statement warning about elevated malicious Internet activity from state-sponsored actors in Iran. The notice corresponded to new warnings from private security research firms, including Recorded Future, of a surge in preparatory activity over the past three months by APT33, a threat group connected to the Iranian government and Iranian Revolutionary Guard Corps (IRGC, Iran's military).

In an interview with Ars, Krebs explained that the reason for the warning went beyond that "regional activity"—attacks on Saudi Arabian companies and other organizations in the Persian Gulf and South Asia.

"Over the course of the last couple of weeks, and in particular last week I'd say, [the activity] became specifically directed," he said. A "sense of the community"—reports from US intelligence and other agencies, as well as private sector cybersecurity vendors—showed a significant leap in spear-phishing attacks connected to infrastructure associated with APT33 against targets in the US over the past week, Krebs said. "So you combine that increase in activity with a historic intentionality and demonstrated ability, after previous destructive campaigns, and it was time to make a statement and say, 'Hey look, everybody, this is heating up. And politically it is also heating up... We need to step up our game.'"


Posted in APT33, Biz & IT, CISA, Department of Homeland Security, DHS, election security, Iran, Policy, ransomware

New ransomware infections are the worst drive-by attacks in recent memory

June 27th, 2019
Screenshot of ransomware. (credit: Malwarebytes)

An ongoing operation that’s installing ransomware and other malware on the computers of unsuspecting website visitors is one of the most potent drive-by attack campaigns researchers have seen in recent memory.

The attacks install three pieces of malware using an exploit kit called GreenFlash Sundown, which researchers identified in 2015 and have continued to follow since. Attacks in recent weeks have spiked again as ShadowGate—one of the names given to the hacker group behind the campaign—has unleashed a highly revamped version of the exploit kit on hacked ad servers run by Web publishers. The most notable compromise is of an ad server belonging to onlinevideoconverter[.]com, a site with more than 200 million visitors per month that converts YouTube videos into video files that can be stored on a computer hard drive.

“They are ongoing and with a scale we haven’t seen in a couple of years when it comes to exploit kit-related attacks,” Jérôme Segura, a Malwarebytes researcher tracking the campaign, said of the attacks on onlinevideoconverter[.]com visitors. “We literally noticed a huge spike in our telemetry starting a few days ago, which is very unusual. Given what we see in our telemetry, this is the most successful drive-by campaign we have seen in quite a while, so we can infer many people were affected by it.”


Posted in Biz & IT, drive-by attacks, exploits, ransomware, vulnerabilities

Baltimore ransomware nightmare could last weeks more, with big consequences

May 20th, 2019
Days after Mayor "Jack" Young took over for disgraced Baltimore Mayor Catherine Pugh, ransomware took down Baltimore City's networks. It may be weeks or months before things return to normal, and "normal" wasn't that great, either, based on the city's IT track record. (credit: Alex Wroblewski/Getty Images)

It's been nearly two weeks since the City of Baltimore's networks were shut down in response to a ransomware attack, and there's still no end in sight to the attack's impact. It may be weeks more before the city's services return to something resembling normal—manual workarounds are being put in place to handle some services now, but the city's water billing and other payment systems remain offline, as well as most of the city's email and much of the government's phone systems.

The ransomware attack came in the midst of a major transition at City Hall. Mayor Bernard C. “Jack” Young assumed office officially just days before the attack, after the resignation of former mayor Catherine Pugh, who is facing an ever-expanding corruption investigation. And some of the mayor's critical staff positions remained unfilled—the mayor's deputy chief of staff for operations, Sheryl Goldstein, starts work today.

To top it off, unlike the City of Atlanta, which suffered a SamSam ransomware attack in March of 2018, Baltimore has no insurance to cover the cost of a cyber attack. So the cost of cleaning up the RobbinHood ransomware, which will far exceed the approximately $70,000 the ransomware operators demanded, will be borne entirely by Baltimore's citizens.


Posted in Baltimore, baltimore police department, Biz & IT, Policy, ransomware