Archive for the ‘ransomware’ Category

These firms promise high-tech ransomware solutions—but typically just pay hackers

May 16th, 2019
Cryptolocker was one of the ransomware pioneers, bringing together file encryption and bitcoin payment. (credit: Christiaan Colen / Flickr)

This story was originally published by ProPublica. It appears here under a Creative Commons license.

From 2015 to 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the UK. It caused more than $30 million in damage to at least 200 entities, including the cities of Atlanta and Newark, New Jersey, the Port of San Diego and Hollywood Presbyterian Medical Center in Los Angeles. It knocked out Atlanta’s online water service requests and billing systems, prompted the Colorado Department of Transportation to call in the National Guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldn’t be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6 million in ransom.

“You just have 7 days to send us the BitCoin,” read the ransom demand to Newark. “After 7 days we will remove your private keys and it’s impossible to recover your files.”


“RobbinHood” ransomware takes down Baltimore city government networks

May 8th, 2019
Most of Baltimore City's networks were shut down as a ransomware attack took down mail servers and other systems at a number of city departments on May 7. (credit: Alex Wroblewski / Getty images)

Systems at a number of departments of Baltimore’s city government were taken offline on May 7 by a ransomware attack. As of 9:00am today, e-mail and other services remain offline. Police, fire, and emergency response systems have not been affected by the attack, but nearly every other department of the city government has been affected in some way.

Calls to the city’s Office of Information Technology are being answered by a recording stating, “We are aware that systems are currently down. We are working to resolve the issue as quickly as possible.”

Lester Davis, a spokesperson for Baltimore’s Mayor’s office, told the Baltimore Sun’s Ian Duncan that the attack was similar to one that hit Greenville, North Carolina in April.


Baltimore City Shuts Down Most of Its Servers After Ransomware Attack

May 8th, 2019
For the second time in just over a year, the city of Baltimore has been hit by a ransomware attack, affecting its computer network and forcing officials to shut down a majority of its computer servers as a precaution. Ransomware works by encrypting files and locking them up so users can't access them. The attackers then demand a ransom amount, typically in Bitcoin digital currency, in


Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware

May 1st, 2019
Taking advantage of newly disclosed and even already patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday threats like crypto-mining, phishing, and ransomware. As suspected, a recently disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted being actively exploited to distribute a


Zero-day attackers deliver a double dose of ransomware—no clicking required

April 30th, 2019
Screenshot of ransomware warning. (credit: Cisco Talos)

Attackers have been actively exploiting a critical zero-day vulnerability in the widely used Oracle WebLogic server to install ransomware, with no clicking or other interaction necessary on the part of end users, researchers from Cisco Talos said on Tuesday.

The vulnerability and working exploit code first became public two weeks ago on the Chinese National Vulnerability Database, according to researchers from the security educational group SANS ISC, who warned that the vulnerability was under active attack. The vulnerability is easy to exploit and gives attackers the ability to execute code of their choice on cloud servers. Because of their power, bandwidth, and use in high-security cloud environments, these servers are considered high-value targets. The disclosure prompted Oracle to release an emergency patch on Friday.

On Tuesday, researchers with Cisco Talos said CVE-2019-2725, as the vulnerability has been indexed, has been under active exploit since at least April 21. Starting last Thursday, a day before Oracle patched the zero-day vulnerability, attackers began using the exploits in a campaign to install “Sodinokibi,” a new piece of ransomware. In addition to encrypting valuable data on infected computers, the malicious program attempts to destroy shadow copy backups to prevent targets from simply restoring the lost data. Oddly enough, about eight hours after infection, the attackers exploited the same vulnerability to install a different piece of ransomware known as GandCrab.


“Severe” ransomware attack cripples big aluminum producer

March 19th, 2019
Notes posted on a window of Norsk Hydro's headquarters in Norway on March 19, 2019. (credit: Getty Images)

One of the world’s biggest producers of aluminum has been hit by a serious ransomware attack that shut down its worldwide network, stopped or disrupted plants, and sent IT workers scrambling to return operations to normal.

Norsk Hydro of Norway said the malware first hit computers in the United States on Monday night. By Tuesday morning, the infection had spread to other parts of the company, which operates in 40 countries. Company officials responded by isolating plants to prevent further spreading. Some plants were temporarily stopped, while others, which had to be kept running continuously, were switched to manual mode when possible. The company’s 35,000 employees were instructed to keep computers turned off but were allowed to use phones and tablets to check email.

“Let me be clear: the situation for Norsk Hydro through this is quite severe,” Chief Financial Officer Eivind Kallevik said during a press conference Tuesday. “The entire worldwide network is down, affecting our production as well as our office operations. We are working hard to contain and solve this situation and to ensure the safety and security of our employees. Our main priority now is to ensure safe operations and limit the operational and financial impact.”


Ransomware Attack Forces Aluminum Manufacturer to Shutdown Systems Worldwide

March 19th, 2019
(Photo by Terje Pedersen / NTB scanpix)

One of the world's largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an "extensive cyber attack" hit its operations, leaving the company's IT systems unusable. According to a press release shared by aluminum giant Norsk Hydro today, the company has temporarily shut down several plants and


Popular Torrent Uploader ‘CracksNow’ Caught Spreading Ransomware

February 18th, 2019
It's not at all surprising that downloading movies and software from the torrent network could infect your computer with malware, but it's more heartbreaking when a popular, trusted file uploader goes rogue. Popular software cracks/keygens uploader "CracksNow," who had trusted status from many torrent sites, has now been banned from several torrent sites after he was repeatedly found


GandCrab ransomware and Ursnif virus spreading via MS Word macros

January 25th, 2019
Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be the work of two separate cybercriminal groups, we find many similarities between them. Both attacks start from


New ransomware rakes in $4 million by adopting a “big game hunting” strategy

January 12th, 2019
(credit: Tracy O / Flickr)

A recently discovered ransomware group has netted almost $4 million since August, in large part by following a path that’s uncommon in its industry—selectively installing the malicious encryption software on previously infected targets with deep pockets. The method differs from the usual one of indiscriminately infecting all possible victims. That’s the take of two analyses published Thursday, one by security firm CrowdStrike and the other by competitor FireEye.

Both reports say that Ryuk, as the ransomware is known, infects large enterprises days, weeks, or as much as a year after they were initially infected by separate malware, which in most cases is an increasingly powerful trojan known as Trickbot. Smaller organizations infected by Trickbot, by contrast, don’t suffer the follow-on attack by Ryuk. CrowdStrike called the approach “big-game hunting” and said it allowed its operators to generate $3.7 million worth of Bitcoin across 52 transactions since August.

Besides pinpointing targets with the resources to pay hefty ransoms, the modus operandi has another key benefit: the “dwell time”—that is, the period between the initial infection and the installation of the ransomware—gives the attackers time to perform valuable reconnaissance inside the infected network. The reconnaissance lets the attackers, whom CrowdStrike dubs Grim Spider, maximize the damage they cause by unleashing the ransomware only after they have identified the most critical systems on the network and obtained the passwords necessary to infect them.
