Archive for the ‘ransomware’ Category

New ransomware rakes in $4 million by adopting a “big game hunting” strategy

January 12th, 2019


A recently discovered ransomware group has netted almost $4 million since August, in large part by following a path that’s uncommon in its industry—selectively installing the malicious encryption software on previously infected targets with deep pockets. The method differs from the usual one of indiscriminately infecting all possible victims. That’s the take of two analyses published Thursday, one by security firm CrowdStrike and the other by competitor FireEye.

Both reports say that Ryuk, as the ransomware is known, infects large enterprises days, weeks, or as much as a year after they were initially infected by separate malware, which in most cases is an increasingly powerful trojan known as Trickbot. Smaller organizations infected by Trickbot, by contrast, don’t suffer the follow-on attack by Ryuk. CrowdStrike called the approach “big-game hunting” and said it allowed its operators to generate $3.7 million worth of Bitcoin across 52 transactions since August.

Besides pinpointing targets with the resources to pay hefty ransoms, the modus operandi has another key benefit: the “dwell time”—that is, the period between the initial infection and the installation of the ransomware—gives the attackers time to perform valuable reconnaissance inside the infected network. That reconnaissance lets the attackers, whom CrowdStrike dubs Grim Spider, maximize the damage they cause by unleashing the ransomware only after they have identified the most critical systems on the network and obtained the passwords necessary to infect them.


Posted in Biz & IT, ransomware, ryuk, SamSam

PyLocky Ransomware Decryption Tool Released — Unlock Files For Free

January 11th, 2019
If your computer has been infected with PyLocky Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search might end here. Security researcher Mike Bautista at Cisco's Talos cyber intelligence unit has released a free decryption tool that makes it possible for victims infected with the PyLocky ransomware to unlock their encrypted files

Posted in file encryption, hacking news, Locky ransomware, PyLocky, PyLocky ransomware, ransomware, ransomware decrypt tool, Ransomware Decryption software, ransomware malware, unlock files

Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada

December 14th, 2018
"Pay $20,000 worth of bitcoin, or a bomb will detonate in your building." A massive number of businesses, schools, government offices and individuals across the US, New Zealand and Canada on Thursday received bomb threats via email that caused nationwide chaos, forcing widespread evacuations and police response. The bomb threat emails were apparently sent by spammers, threatening people that

Posted in bomb threat, cyber security, Cyber threats, email scam, email spam, Email spoofing, hoax bomb threat, ransom money, ransomware

Iranians indicted in Atlanta city government ransomware attack

December 5th, 2018
The message posted to social media by the city of Atlanta in the wake of an apparent ransomware attack. (credit: City of Atlanta)

The US Attorney's Office for the District of Northern Georgia announced today that a federal grand jury had returned indictments against two Iranian nationals charged with executing the March 2018 ransomware attack that paralyzed Atlanta city government services for over a week. Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri are accused of using the Samsam ransomware to encrypt files on 3,789 City of Atlanta computers, including servers and workstations, in an attempt to extort Bitcoin from Atlanta officials.

Details leaked by City of Atlanta employees during the ransomware attack, including screenshots of the demand message posted on city computers, indicated that Samsam-based malware was used. A Samsam variant was used in a number of ransomware attacks on hospitals in 2016, with attackers using vulnerable Java Web services to gain entry in several cases. In more recent attacks, including one on the health industry companies Hancock Health and Allscripts, other methods were used to gain access, including Remote Desktop Protocol hacks that gave the attackers direct access to Windows systems on the victims' networks.

The Atlanta attack was not a targeted state-sponsored attack. The attackers likely chose Atlanta based on a vulnerability scan. According to the indictment, the attackers offered the city the option of paying six Bitcoin (currently the equivalent of $22,500) to get keys to unlock all the affected systems or 0.8 Bitcoin (about $3,000) for individual systems. "The ransom note directed the City of Atlanta to a particular Bitcoin address to pay the ransom and supplied a web domain that was only accessible using a Tor browser," a Department of Justice spokesperson said in a statement. "The note suggested that the City of Atlanta could download the decryption key from that website." But within days of the attack, the Tor page became unreachable, and the City of Atlanta did not pay the ransom.


Posted in Atlanta, Biz & IT, Iran, Policy, ransomware

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

December 4th, 2018
A new piece of ransomware is spreading rapidly across China and has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is continuously increasing every hour. What's interesting? Unlike almost every other ransomware family, the new virus doesn't demand ransom payments in Bitcoin. Instead, the attacker is

Posted in Chinese Hackers, computer virus, malware, Malware attack, password stealer, ransomware, ransomware attack, ransomware malware, Wechat

U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks

November 28th, 2018
The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged with several counts of computer hacking and fraud, the indictment unsealed today at a New Jersey court revealed. The duo used

Posted in Cyber Attack, Cyber Criminal, file encryption software, hacker arrested, hacking news, Iranian Hackers, malware, Malware attack, ransomware, ransomware attack, Samsam Ransomware

IPS as a Service Blocks WannaCry Spread Across the WAN

August 14th, 2017

One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability, which exploited a vulnerability in the SMB v1 file access protocol.

Most enterprise defences are externally facing, focused on stopping incoming email and web attacks. But once attackers gain a foothold inside the network through malware, there are very few security controls that

Posted in Cato Networks, firewall, intrusion prevention system, network security, Network Security Services, network security tool, ransomware, smb vulnerability, WannaCryptor

Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

August 10th, 2017

Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe around 45 days ago.

However, the story that portrayed this man as a criminal is not as simple as it seems. I

Posted in computer virus, Cyber Attack, Cyber Crime, hacker arrested, hacking news, NotPetya ransomware, Petya ransomware, ransomware, ransomware attack, ransomware malware, video blogger, WannaCry Ransomware

Decompiled SLocker Android Ransomware Source Code Published Online

July 24th, 2017

Bad news for Android users — decompiled source code for one of the oldest and most popular Android ransomware families has been published online, making it available to cyber criminals who can use it to develop more customised and advanced variants of Android ransomware.

Decompiled source code for the SLocker android ransomware, which saw a six-fold increase in the number of new

Posted in android ransomware, ransomware, ransomware download, SLocker Ransomware, source code

Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking

July 18th, 2017

Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part comes in when people just don’t care to apply patches on time.

Late last year, Cisco’s Talos intelligence and research group discovered three critical remote code execution (RCE) vulnerabilities in Memcached that exposed major websites including Facebook, Twitter, YouTube,

Posted in cache server, database hacking, hacking database, memcached, MongoDB database, patch update, php website, ransomware, remote code execution, secure mongodb, server hacking, Vulnerability, website security