Items tagged with Ransomware
Many computer users know that Microsoft doesn't email you about Windows updates, but many people unfortunately still fall for spam tricks. There is a new malicious spam campaign going around that tells users to download a critical Windows update. If users install the attached file, Cyborg ransomware is then loaded on the system. The threat was discovered by researchers at Trustwave, and is said to be unique in a few ways. The attached file claims to be a .jpg format, but it opens as an .exe file. Another of the email's unique aspects is that it has a two-sentence subject that states, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only...
Read more...
How much does a ransomware or data breach attack affect hospital services? A recent study determined that hospitals who had been hit by a cyber attack witnessed increased death rates among patients with heart issues. Cyber attacks and the remediations that follow frequently increase the amount of time a patient waits to be treated or to receive test results. Researchers at Vanderbilt University’s Owen Graduate School of Management examined more than 3,000 Medicare-certified hospitals in the United States. Roughly 300 of these hospitals had experienced ransomware and other attacks between 2012 and 2016. The researchers not only studied what happened to patients during the cyber attacks,...
Read more...
Security researchers have discovered it is possible to hack a digital SLR camera with Wi-Fi capabilities (fast becoming a common feature in modern DSLR cameras) to install ransomware, thereby hijacking a user's photographs. Just as it happens on a PC, the photos would be encrypted, with the attacker threatening to permanently delete them if a ransom is not paid. "Although most users connect their camera to their PC using a USB cable, newer camera models now support WiFi. This means that what was once a PTP/USB protocol that was accessible only to the USB connected devices, is now also PTP/IP that is accessible to every WiFi-enabled device in close proximity," Check Point says. According to Check...
Read more...
iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims. MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place. Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see...
Read more...
Security researchers at ESET have discovered an active ransomware campaign targeting Android users, thus ending a two-year decline in this form of malware in Google's mobile ecosystem. And unlike past ransomware campaigns, this one employs "some unusual tricks" to attract victims, and then spreads to contacts through text messaging. ESET is calling this ransomware strain Android/Filecoder.C (just Filecoder from here on out). It is primarily distributed by way of malicious posts on Reddit and the XDA Developers forum, the latter of which is a popular hangout for Android developers and enthusiasts. These posts lure victims by promising salacious material, such as porn-related content and sex simulators,...
Read more...
Security researchers at Bitdefender have updated a decryption tool to deal with the latest version of GandCrab, a popular form of ransomware that its authors sold to clients on the dark web for a supposedly enormous profit. The decryption tool is free, and could potentially save a GandCrab victim from a major headache Bitdefender estimates that GandCrab has claimed more than 1.5 million victims around the globe in more than a year of operation. That includes both home users and corporations. In a recent farewell post, the ransomware's authors said GandCrab netted its nefarious clients around $2 billion, earning the hacking group "more than $150 million per year." "We have proven that be doing...
Read more...
It is said that no good deed goes unpunished, but on the flips side, there are bad deeds that get rewarded. So it goes for the hackers responsible for GandCrab, a popular form of ransomware that was sold to clients on the dark web, who are now retiring and going legitimate with their earnings. The hackers claim that GandCrab netted its clients around $2 billion, all extracted from victims who opted to pay for a decryption key after falling prey to the ransomware. Whether that figure is accurate or not is up for debate. However, the hacking group also claims it "earned more than $150 million per year" from GandCrab and is now "leaving for a well-deserved retirement." "We have proven that be doing...
Read more...
Where is Neo when you need him? We don't have an answer for that, but Morpheus has been making an appearance on some business PCs, just not in the manner you might think. His mug is part of a message that is delivered by a new ransomware strain called "MegaCortex," which is a misspelled reference to MetaCortex, the faceless software company in The Matrix where Neo worked at. This is not the kind of sequel or reboot that fans might have been hoping for. Security outfit Sophos says it recently saw a "jolt of life" from this ransomware strain, with a spike in the number of attacks around the world, including Canada, France, Ireland, Italy, the Netherlands, and the United States. Those behind MegaCortex...
Read more...
No information is safe in the Internet age. Citycomp, an Germany-based IT services company, reported that they had been hacked and blackmailed. Some of their clients include Oracle, Airbus, Toshiba, Volkswagen, Leica, and Porsche. Citycomp is an IT services company that provides items such as servers, storage, and other computer equipment to other major companies. It appears that the hackers targeted the German branches of these international companies. The list of victims includes both corporations with an international reach and strictly German companies. The hackers, who go by the alias "Boris-Bullet Dodger", have distributed some of the stolen files on a website. Some of the affected firms...
Read more...
Over the past few days, a deadly storm has been coursing its way across the southern United States heading eastward. A number of states -- including Louisiana, Mississippi, Tennessee and Georgia have been rocked by high winds, tornadoes, and flash flooding. With the storm affecting millions of Americans, many turned to The Weather Channel to get real-time updates. However, The Weather Channel was knocked offline for more than an hour on Thursday morning following a ransomware attack. Or as rock star meteorologist Jim Cantore explained on-air, "The Weather Channel, sadly, has been the victim of a malicious software attack today." The AMHQ live morning show was scheduled to start at 6am...
Read more...
Just when we thought things had cooled down a bit in the botnet space, we're getting word of a new outbreak that it affecting PC users in the United States. Virobot has multi-pronged attack vector, and can not only place a victim's computer into a zombie botnet, but it also has a ransomware component. According to Trend Micro, it first discovered evidence of Virobot on September 17th, and found that it is similar in some respects to Locky. Once Virobot has found a willing host, it will then scan the registry to see if it has the go-ahead to begin encrypting files. If the coast is clear, it will begin a file encryption process using a cryptographic random number generator. Once the encryption...
Read more...
Researchers have discovered a new strain of malware for Android devices that combines different styles of attack into a single package. Called MysteryBot, the new malware hits victims with a banking Trojan, keylogger, and ransomware in one fell swoop. The good news here is that the cybercriminals responsible for MysteryBot are still developing it, and it does not appear to be spreading in the wild at the moment. However, that could change at any time. Initially, the researchers thought they were looking at a revised version of LokiBot, a banking Trojan that targets Android devices. But upon closer examination, they discovered there was much more taking place. "During investigation of its network...
Read more...
Normally when you think about ransomware you think about something clearly malicious such as Petya and others. You could get your files back if infected with Petya, but the hackers wanted $300 in bitcoin to do it. A new kind of ransomware, however, is making the rounds and this variant is based on the game PUBG (Player Unknown's Battlegrounds), of all things. PUBG is a battle royale style game that is played online in large multiplayer formats, and all this PUBG Ransomware wants you to do is play the game for an hour. Not so bad, right? Well, it is still ransomware. The ransomware was discovered by MalwareHunterTeam and like other ransomware attacks, PUBG Ransomware will encrypt...
Read more...
We are only months removed from the massive WannaCry cyberattack that hit hundreds of thousands of computers in over 150 countries, crippling some hospitals in the United Kingdom. WannaCry became an overnight global scare after spreading far and wide within the first few hours. Up until now, it was not clear where exactly the worm originated. According to the Trump administration, North Korea is to blame, just as security outfit Symantec suspected months ago. In an op-ed piece published in The Wall Street Journal, homeland security adviser Thomas P. Bossert publicly attributed the massive WannaCry cyberattack to North Korea, adding that the U.S. is not making the allegation lightly. "It is based...
Read more...
