Archive for the ‘ransomware’ Category

“Severe” ransomware attack cripples big aluminum producer

March 19th, 2019
Notes posted on a window of Norsk Hydro's headquarters in Norway on March 19, 2019. (credit: Getty Images)

One of the world’s biggest producers of aluminum has been hit by a serious ransomware attack that shut down its worldwide network, stopped or disrupted plants, and sent IT workers scrambling to return operations to normal.

Norsk Hydro of Norway said the malware first hit computers in the United States on Monday night. By Tuesday morning, the infection had spread to other parts of the company, which operates in 40 countries. Company officials responded by isolating plants to prevent further spreading. Some plants were temporarily stopped, while others, which had to be kept running continuously, were switched to manual mode when possible. The company’s 35,000 employees were instructed to keep computers turned off but were allowed to use phones and tablets to check email.

“Let me be clear: the situation for Norsk Hydro through this is quite severe,” Chief Financial Officer Eivind Kallevik said during a press conference Tuesday. “The entire worldwide network is down, affecting our production as well as our office operations. We are working hard to contain and solve this situation and to ensure the safety and security of our employees. Our main priority now is to ensure safe operations and limit the operational and financial impact.”


Posted in Biz & IT, lockergoga, ransomware

Ransomware Attack Forces Aluminum Manufacturer to Shutdown Systems Worldwide

March 19th, 2019
(Photo by Terje Pedersen / NTB scanpix)

One of the world's largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an "extensive cyber attack" hit its operations, leaving the company's IT systems unusable. According to a press release shared by aluminum giant Norsk Hydro today, the company has temporarily shut down several plants and

Posted in computer virus, Enterprise Security, hacking news, Malware attack, ransomware, ransomware attack, ransomware malware

Popular Torrent Uploader ‘CracksNow’ Caught Spreading Ransomware

February 18th, 2019
It's not at all surprising that downloading movies and software from the torrent network could infect your computer with malware, but it's more heartbreaking when a popular, trusted file uploader goes rogue. Popular software cracks/keygens uploader "CracksNow," who had trusted status from many torrent sites, has now been banned from several torrent sites after he was repeatedly found

Posted in best torrent sites, cyber security, GandCrab ransomware, hacking news, kickass torrent, ransomware, The Pirate Bay, Torrent Download Software, torrent files

GandCrab ransomware and Ursnif virus spreading via MS Word macros

January 25th, 2019
Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan together with the GandCrab ransomware in the wild, whereas the second one is only infecting victims with the Ursnif malware. Though both campaigns appear to be the work of two separate cybercriminal groups, they share many similarities. Both attacks start from

Posted in Cyber Attack, GandCrab ransomware, macros, malware, Microsoft office, Microsoft Word, ransomware, ransomware malware, Spear Phishing, Ursnif malware

New ransomware rakes in $4 million by adopting a “big game hunting” strategy

January 12th, 2019
(credit: Tracy O / Flickr)

A recently discovered ransomware group has netted almost $4 million since August, in large part by following a path that’s uncommon in its industry—selectively installing the malicious encryption software on previously infected targets with deep pockets. The method differs from the usual one of indiscriminately infecting all possible victims. That’s the take of two analyses published Thursday, one by security firm CrowdStrike and the other by competitor FireEye.

Both reports say that Ryuk, as the ransomware is known, infects large enterprises days, weeks, or as much as a year after they were initially infected by separate malware, which in most cases is an increasingly powerful trojan known as Trickbot. Smaller organizations infected by Trickbot, by contrast, don’t suffer the follow-on attack by Ryuk. CrowdStrike called the approach “big-game hunting” and said it allowed its operators to generate $3.7 million worth of Bitcoin across 52 transactions since August.

Besides pinpointing targets with the resources to pay hefty ransoms, the modus operandi has another key benefit: the “dwell time”—that is, the period between the initial infection and the installation of the ransomware—gives the attackers time to perform valuable reconnaissance inside the infected network. That reconnaissance lets the group, which CrowdStrike dubs Grim Spider, maximize the damage it causes by unleashing the ransomware only after it has identified the most critical systems on the network and obtained the passwords needed to infect them.


Posted in Biz & IT, ransomware, ryuk, SamSam

Iranians indicted in Atlanta city government ransomware attack

December 5th, 2018
The message posted to social media by the city of Atlanta in the wake of an apparent ransomware attack. (credit: City of Atlanta)

The US Attorney's Office for the District of Northern Georgia announced today that a federal grand jury had returned indictments against two Iranian nationals charged with executing the March 2018 ransomware attack that paralyzed Atlanta city government services for over a week. Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri are accused of using the Samsam ransomware to encrypt files on 3,789 City of Atlanta computers, including servers and workstations, in an attempt to extort Bitcoin from Atlanta officials.

Details leaked by City of Atlanta employees during the ransomware attack, including screenshots of the demand message posted on city computers, indicated that Samsam-based malware was used. A Samsam variant was used in a number of ransomware attacks on hospitals in 2016, with attackers using vulnerable Java Web services to gain entry in several cases. In more recent attacks, including one on the health industry companies Hancock Health and Allscripts, other methods were used to gain access, including Remote Desktop Protocol hacks that gave the attackers direct access to Windows systems on the victims' networks.

The Atlanta attack was not a targeted state-sponsored attack. The attackers likely chose Atlanta based on a vulnerability scan. According to the indictment, the attackers offered the city the option of paying six Bitcoin (currently the equivalent of $22,500) to get keys to unlock all the affected systems or 0.8 Bitcoin (about $3,000) for individual systems. "The ransom note directed the City of Atlanta to a particular Bitcoin address to pay the ransom and supplied a web domain that was only accessible using a Tor browser," a Department of Justice spokesperson said in a statement. "The note suggested that the City of Atlanta could download the decryption key from that website." But within days of the attack, the Tor page became unreachable, and the City of Atlanta did not pay the ransom.


Posted in Atlanta, Biz & IT, Iran, Policy, ransomware

IPS as a Service Blocks WannaCry Spread Across the WAN

August 14th, 2017

One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1.

Most enterprises' defences are externally facing, focused on stopping incoming email and web attacks. But once attackers gain a foothold inside the network through malware, there are very few security controls that

Posted in Cato Networks, firewall, intrusion prevention system, network security, Network Security Services, network security tool, ransomware, smb vulnerability, WannaCryptor

Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

August 10th, 2017

Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe around 45 days ago.

However, the story, which portrayed this man as a criminal, is not as simple as it seems. I

Posted in computer virus, Cyber Attack, Cyber Crime, hacker arrested, hacking news, NotPetya ransomware, Petya ransomware, ransomware, ransomware attack, ransomware malware, video blogger, WannaCry Ransomware

Decompiled SLocker Android Ransomware Source Code Published Online

July 24th, 2017

Bad news for Android users — decompiled source code for one of the oldest and most popular Android ransomware families has been published online, making it available to cyber criminals who can use it to develop more customised and advanced variants of Android ransomware.

Decompiled source code for the SLocker android ransomware, which saw a six-fold increase in the number of new

Posted in android ransomware, ransomware, ransomware download, SLocker Ransomware, source code

Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking

July 18th, 2017

Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part comes in when people just don’t care to apply patches on time.

Late last year, Cisco’s Talos intelligence and research group discovered three critical remote code execution (RCE) vulnerabilities in Memcached that exposed major websites including Facebook, Twitter, YouTube,

Posted in cache server, database hacking, hacking database, memcached, MongoDB database, patch update, php website, ransomware, remote code execution, secure mongodb, server hacking, Vulnerability, website security