Items tagged with Ransomware
One of the top U.S. fuel pipeline operators had to shutter its network this weekend due to a nasty ransomware attack. This effectively shut down approximately half of the East Coast’s fuel for both air and ground transportation. Though home heating oil prices are not expected to increase as a result, this does raise concerns about how vulnerable U.S. critical infrastructure is after seeing how disruptive this attack was. Colonial Pipeline is one of the largest pipeline operators in the United States, with over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and directly serving seven airports. The network, which you can see below, spans from New...
Read more...
Ransomware attacks are on the rise, and both organizations, such as the Washington D.C. Police Department, and individuals like QNAP NAS owners, are being targeted relentlessly. To help combat this, leaders from Amazon, Cisco, FireEye, McAfee, Microsoft, and other firms joined forces with the U.S. Department of Justice, Europol, and the U.K. National Crime Agency to call for an international coalition to fight against ransomware criminals. Simply put, we do not negotiate with terrorists, and this is only an extension of that philosophy. This week, an 81-page report that outlined the Ransomware Task Force and goals of the group was delivered to the Biden administration. It urged the U.S. to lead...
Read more...
The same group of hackers that hit the NBA's Houston Rockets basketball team with a ransomware attack earlier this month has now turned its sights on the police force in Washington, D.C. It is the latest in a string of concerning ransomware attacks aimed at police over the past several weeks, where data leaks can put people's lives in danger. More than just a potentially embarrassing situation, in which private information could be revealed to the public, unscrupulous hackers are also threatening to reveal the identity of police informants to gangs, according to a post on the dark web viewed by The New York Times. In such a scenario, a data dump could conceivably result in actual bodily harm,...
Read more...
When we hear of ransomware attacks, it usually involves high-value targets, such as the recent $50 million attack against Apple supplier Quanta. This time, a ransomware gang took a different approach and targeted consumers and small businesses using QNAP devices and subsequently encrypted their files. In just five days, the gang managed to collect $260,000 in Bitcoin for unlocking all the devices they took hostage. On Monday, a ransomware operation called Qlocker kicked off, exploiting new vulnerabilities in QNAP NAS devices and leaving users to wake up to their files being locked up. The ransomware gang behind this pulled it off by scanning the web for connected QNAP devices and then locking...
Read more...
Apple is bringing some color into people's lives with a new line of M1-powered iMac systems, available in green, yellow, orange, pink, purple, blue, and silver. As to what other changes Apple plans on making to its product lines, a hacking group is threatening to reveal them, after infiltrating servers belonging to one of the company's main suppliers. The hacking group goes by REvil, and it is the same one that recently breached Acer and stole files that included financial spreadsheets, bank balances, and bank communications, all of which it posted on its website called Happy Blog. The group is known for using ransomware in its attacks, and in the case of Acer, it had demanded $50 million. REvil...
Read more...
Earlier in the month, brewer Molson Coors was allegedly hit by a ransomware attack under the guise of a “cybersecurity incident.” Now, Taiwanese computer manufacturer Acer has reportedly been hit by a REvil ransomware gang attack, and the hackers are demanding the largest known ransom to-date. The ransomware gang announced earlier this week that it breached Acer and had taken files. On the REvil website, called the ‘Happy Blog’, these stolen files -- including financial spreadsheets, bank balances, and bank communications -- were posted as supposed proof of the breach. In response to the rumored attack, Acer has only reported “abnormal situations observed”...
Read more...
As we fast approach the warmer spring months, it appears as though hackers have gone crazy by infiltrating companies and organizations around the globe. From Microsoft Exchange Server vulnerabilities to Verkada camera hijacking, the security community is working overtime to fend off (and deal with the aftermath from) attacks. Today, we're learning of a cyberattack launched against Molson Coors Beverage Company. Yes, we're talking about that company responsible for getting you lit with brands like Coors Light, Fosters, Ice House, Keystone Light, and Miller Lite, among others. Molson Coors disclosed today that it was the victim of a "cybersecurity incident." As a result...
Read more...
The hacker who gained unauthorized access to CD Projekt Red's servers and seemingly stole the source code for several games has already reportedly leaked one of them, after the developer publicly declared it had no intention of paying a ransom or negotiating. In addition, the hacker appears to be trying to start a bidding war for the remaining data. To be clear, CD Projekt Red never outright acknowledged that the hacker stole actual source code, but said the person responsible "collected certain data" belonging to the developer, as well as encrypted some devices on its network. However, reading between the lines of the developer's broader statement on the intrusion, it sure sounds like the hacker...
Read more...
We’ve seen ransomware in hospitals and schools, and it wreaks havoc no matter the case. This is especially true when people are relying on technology now more than ever due to the COVID-19 pandemic. The Baltimore County Public School district encountered this firsthand when malicious attackers installed ransomware that crippled the network and closed school. Early this morning, the chief of staff for Baltimore County Public School systems, Mychael Dickerson, tweeted that all schools would be closed today due to network issues. As it turns out, it was ransomware affecting the network, as he later tweeted the following: Here is the latest update: Baltimore County Public Schools can now...
Read more...
There is very little worse than knowing you've just lost everything to ransomware. When it happens on our phones, where so much of our identity and our lives live, the situation can feel hopeless. It's a never-ending battle for platform owners like Google, Microsoft, and Apple. Every time a company creates new security measures, attackers try to find a way to circumvent them. That's what Microsoft warns Android users about in a new security blog post from the Microsoft 365 Defender Research Team. Unlike ransomware that hits Windows machines, Android devices rarely actually get their data encrypted. Instead, a malicious app will present itself when the phone gets locked, blocking access...
Read more...
Typically, ransomware attacks that are seemingly on the increase around the globe are the cause of financial loss and lack of productivity. However, a ransomware attack on a hospital in Germany has reportedly led to the first known death indirectly attributed to such attacks. German authorities are currently investigating a death following the ransomware attack on Düsseldorf University Hospital. Today, German media reported on the closure of the hospital’s emergency room due to the ransomware attack. As it was closed, a woman in need of emergency medical attention was turned away and subsequently succumbed to her illness. Alongside this tragic event, the hospital has not been able...
Read more...
If Garmin did not already have a giant target on its back, it sure does now, if a report that it paid a multi-million dollar ransom to hackers is true. Speaking on the condition of anonymity, sources cited as being familiar with the matter told Sky News that Garmin hired a company that specializes in ransomware negotiations to resolve a recent cyber intrusion. While nothing has been official confirmed, it was reported last week that a major outage affecting nearly every facet of Garmin's operations was the result of a ransomware strain called WastedLocker. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are...
Read more...
Garmin is having itself a no good, terrible day. and it could extend throughout the weekend. The cause of Garmin's woes is a ransomware attack, according to employees who have posted about the matter on social media, and it is affecting several of the company's services for its line of wearable products and aviation dealings. If you head over to Garmin's website, you will see a message at the top that alludes to the ransomware attack, though the company has not outright confirmed it as such. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We...
Read more...
Check Point Research has discovered a significant increase in attacks using the Phorpiex Botnet in June 2020. The research firm found that the botnet has had a resurgence delivering the Avaddon Ransomware, which is a Ransomware-as-a-Service (RaaS) variant that first surfaced in early June. Delivery during the month via the botnet caused the malware to rise 13 places to become the second most widely spread malware for the month. The malware doubled its impact on organizations globally in June compared to May. Phorpiex is known for spreading large-scale malspam campaigns, though it does distribute other malware families as well. The latest campaign using the botnet attempts to get email recipients...
Read more...
A new ransomware attack is underway in Canada that targets people concerned about COVID-19 by posing as an official tracing app provided by Health Canada. ESET researchers have identified and analyzed the ransomware, known as CryCryptor, and created a decryption tool for victims. CryCryptor surfaced only a few days after the Canadian government announced that it intended to back the development of a nation-wide, voluntary tracing app called COVID Alert. The actual tracing app from Health Canada is due to start rolling out in Ontario as soon as next month. ESET says that it informed the Canadian Centre for Cyber Security about the new threat as soon as it was identified. The below above shows...
Read more...
Ransomware is a global problem that can strike individual, organizations, and even health institutions to disastrous results. It demands that the user send money, typically in the form of cryptocurrency to the attackers to have their devices and files unlocked. An old ransomware threat called Black Rose Lucy that was initially discovered in September 2018 is now making a resurgence. Black Rose Lucy is a malware-as-a-service botnet for Android devices where it can take control of the victim's devices to make changes and install new malicious applications. When the Lucy malware is downloaded, it encrypts files on the infected device and displays a ransom note in the browser window claiming to be...
Read more...
Ransomware is a significant problem for individuals and organizations today. However, it can be a particularly big problem for healthcare organizations and has the potential to cost lives during the COVID-19 pandemic raging around the world. Microsoft says that during this time of crisis as organizations move towards a remote workforce, ransomware operators have found a new target in the form of network devices like gateways and VPN appliances. Microsoft says that it is putting a particular emphasis on the healthcare sector by protecting critical services, especially hospitals today. Microsoft notes that right now, REvil, which is also known as Sodinokibi, is one of the ransomware campaigns that...
Read more...
Security researchers at Sophos have been investigating a pair of ransomware attacks where the attackers used legitimate, digitally signed hardware driver to delete security products from targeted computers. Once the security products were deleted from the target machines, the destructive file encryption portion of the attack was launched. The signed driver that was used is part of a deprecated software package from Gigabyte, a mainboard and computer hardware manufacturer. The software had a known vulnerability tracked as CVE-2018-19320. The vulnerability, along with proof-of-concept code was published in 2018. At the time, Gigabyte denied that the vulnerability impacted its products. Later it...
Read more...
Many computer users know that Microsoft doesn't email you about Windows updates, but many people unfortunately still fall for spam tricks. There is a new malicious spam campaign going around that tells users to download a critical Windows update. If users install the attached file, Cyborg ransomware is then loaded on the system. The threat was discovered by researchers at Trustwave, and is said to be unique in a few ways. The attached file claims to be a .jpg format, but it opens as an .exe file. Another of the email's unique aspects is that it has a two-sentence subject that states, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only...
Read more...
How much does a ransomware or data breach attack affect hospital services? A recent study determined that hospitals who had been hit by a cyber attack witnessed increased death rates among patients with heart issues. Cyber attacks and the remediations that follow frequently increase the amount of time a patient waits to be treated or to receive test results. Researchers at Vanderbilt University’s Owen Graduate School of Management examined more than 3,000 Medicare-certified hospitals in the United States. Roughly 300 of these hospitals had experienced ransomware and other attacks between 2012 and 2016. The researchers not only studied what happened to patients during the cyber attacks,...
Read more...
Security researchers have discovered it is possible to hack a digital SLR camera with Wi-Fi capabilities (fast becoming a common feature in modern DSLR cameras) to install ransomware, thereby hijacking a user's photographs. Just as it happens on a PC, the photos would be encrypted, with the attacker threatening to permanently delete them if a ransom is not paid. "Although most users connect their camera to their PC using a USB cable, newer camera models now support WiFi. This means that what was once a PTP/USB protocol that was accessible only to the USB connected devices, is now also PTP/IP that is accessible to every WiFi-enabled device in close proximity," Check Point says. According to Check...
Read more...
iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims. MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place. Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see...
Read more...
