Items tagged with Ransomware

If Garmin did not already have a giant target on its back, it sure does now, if a report that it paid a multi-million dollar ransom to hackers is true. Speaking on the condition of anonymity, sources cited as being familiar with the matter told Sky News that Garmin hired a company that specializes in ransomware negotiations to resolve a recent cyber intrusion. While nothing has been officially confirmed, it was reported last week that a major outage affecting nearly every facet of Garmin's operations was the result of a ransomware strain called WastedLocker. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are... Read more...
Garmin is having itself a no good, terrible day, and it could extend throughout the weekend. The cause of Garmin's woes is a ransomware attack, according to employees who have posted about the matter on social media, and it is affecting several of the company's services for its line of wearable products and aviation dealings. If you head over to Garmin's website, you will see a message at the top that alludes to the ransomware attack, though the company has not outright confirmed it as such. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We... Read more...
Check Point Research has discovered a significant increase in attacks using the Phorpiex Botnet in June 2020. The research firm found that the botnet has had a resurgence delivering the Avaddon Ransomware, which is a Ransomware-as-a-Service (RaaS) variant that first surfaced in early June. Delivery during the month via the botnet caused the malware to rise 13 places to become the second most widely spread malware for the month. The malware doubled its impact on organizations globally in June compared to May. Phorpiex is known for spreading large-scale malspam campaigns, though it does distribute other malware families as well. The latest campaign using the botnet attempts to get email recipients... Read more...
A new ransomware attack is underway in Canada that targets people concerned about COVID-19 by posing as an official tracing app provided by Health Canada. ESET researchers have identified and analyzed the ransomware, known as CryCryptor, and created a decryption tool for victims. CryCryptor surfaced only a few days after the Canadian government announced that it intended to back the development of a nation-wide, voluntary tracing app called COVID Alert. The actual tracing app from Health Canada is due to start rolling out in Ontario as soon as next month. ESET says that it informed the Canadian Centre for Cyber Security about the new threat as soon as it was identified. The below above shows... Read more...
Ransomware is a global problem that can strike individuals, organizations, and even health institutions to disastrous results. It demands that the user send money, typically in the form of cryptocurrency, to the attackers to have their devices and files unlocked. An old ransomware threat called Black Rose Lucy that was initially discovered in September 2018 is now making a resurgence. Black Rose Lucy is a malware-as-a-service botnet for Android devices where it can take control of the victim's devices to make changes and install new malicious applications. When the Lucy malware is downloaded, it encrypts files on the infected device and displays a ransom note in the browser window claiming to be... Read more...
Ransomware is a significant problem for individuals and organizations today. However, it can be a particularly big problem for healthcare organizations and has the potential to cost lives during the COVID-19 pandemic raging around the world. Microsoft says that during this time of crisis as organizations move towards a remote workforce, ransomware operators have found a new target in the form of network devices like gateways and VPN appliances. Microsoft says that it is putting a particular emphasis on the healthcare sector by protecting critical services, especially hospitals today. Microsoft notes that right now, REvil, which is also known as Sodinokibi, is one of the ransomware campaigns that... Read more...
Security researchers at Sophos have been investigating a pair of ransomware attacks where the attackers used a legitimate, digitally signed hardware driver to delete security products from targeted computers. Once the security products were deleted from the target machines, the destructive file encryption portion of the attack was launched. The signed driver that was used is part of a deprecated software package from Gigabyte, a mainboard and computer hardware manufacturer. The software had a known vulnerability tracked as CVE-2018-19320. The vulnerability, along with proof-of-concept code, was published in 2018. At the time, Gigabyte denied that the vulnerability impacted its products. Later it... Read more...
Many computer users know that Microsoft doesn't email you about Windows updates, but many people unfortunately still fall for spam tricks. There is a new malicious spam campaign going around that tells users to download a critical Windows update. If users install the attached file, Cyborg ransomware is then loaded on the system. The threat was discovered by researchers at Trustwave, and is said to be unique in a few ways. The attached file claims to be a .jpg format, but it opens as an .exe file. Another of the email's unique aspects is that it has a two-sentence subject that states, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only... Read more...
How much does a ransomware or data breach attack affect hospital services? A recent study determined that hospitals that had been hit by a cyber attack witnessed increased death rates among patients with heart issues. Cyber attacks and the remediations that follow frequently increase the amount of time a patient waits to be treated or to receive test results. Researchers at Vanderbilt University’s Owen Graduate School of Management examined more than 3,000 Medicare-certified hospitals in the United States. Roughly 300 of these hospitals had experienced ransomware and other attacks between 2012 and 2016. The researchers not only studied what happened to patients during the cyber attacks,... Read more...
Security researchers have discovered it is possible to hack a digital SLR camera with Wi-Fi capabilities (fast becoming a common feature in modern DSLR cameras) to install ransomware, thereby hijacking a user's photographs. Just as it happens on a PC, the photos would be encrypted, with the attacker threatening to permanently delete them if a ransom is not paid. "Although most users connect their camera to their PC using a USB cable, newer camera models now support WiFi. This means that what was once a PTP/USB protocol that was accessible only to the USB connected devices, is now also PTP/IP that is accessible to every WiFi-enabled device in close proximity," Check Point says. According to Check... Read more...
iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims. MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place. Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see... Read more...
Security researchers at ESET have discovered an active ransomware campaign targeting Android users, thus ending a two-year decline in this form of malware in Google's mobile ecosystem. And unlike past ransomware campaigns, this one employs "some unusual tricks" to attract victims, and then spreads to contacts through text messaging. ESET is calling this ransomware strain Android/Filecoder.C (just Filecoder from here on out). It is primarily distributed by way of malicious posts on Reddit and the XDA Developers forum, the latter of which is a popular hangout for Android developers and enthusiasts. These posts lure victims by promising salacious material, such as porn-related content and sex simulators,... Read more...
Security researchers at Bitdefender have updated a decryption tool to deal with the latest version of GandCrab, a popular form of ransomware that its authors sold to clients on the dark web for a supposedly enormous profit. The decryption tool is free, and could potentially save a GandCrab victim from a major headache. Bitdefender estimates that GandCrab has claimed more than 1.5 million victims around the globe in more than a year of operation. That includes both home users and corporations. In a recent farewell post, the ransomware's authors said GandCrab netted its nefarious clients around $2 billion, earning the hacking group "more than $150 million per year." "We have proven that by doing... Read more...
It is said that no good deed goes unpunished, but on the flip side, there are bad deeds that get rewarded. So it goes for the hackers responsible for GandCrab, a popular form of ransomware that was sold to clients on the dark web, who are now retiring and going legitimate with their earnings. The hackers claim that GandCrab netted its clients around $2 billion, all extracted from victims who opted to pay for a decryption key after falling prey to the ransomware. Whether that figure is accurate or not is up for debate. However, the hacking group also claims it "earned more than $150 million per year" from GandCrab and is now "leaving for a well-deserved retirement." "We have proven that by doing... Read more...
Where is Neo when you need him? We don't have an answer for that, but Morpheus has been making an appearance on some business PCs, just not in the manner you might think. His mug is part of a message that is delivered by a new ransomware strain called "MegaCortex," which is a misspelled reference to MetaCortex, the faceless software company in The Matrix where Neo worked. This is not the kind of sequel or reboot that fans might have been hoping for. Security outfit Sophos says it recently saw a "jolt of life" from this ransomware strain, with a spike in the number of attacks around the world, including Canada, France, Ireland, Italy, the Netherlands, and the United States. Those behind MegaCortex... Read more...
No information is safe in the Internet age. Citycomp, a Germany-based IT services company, reported that they had been hacked and blackmailed. Some of their clients include Oracle, Airbus, Toshiba, Volkswagen, Leica, and Porsche. Citycomp is an IT services company that provides items such as servers, storage, and other computer equipment to other major companies. It appears that the hackers targeted the German branches of these international companies. The list of victims includes both corporations with an international reach and strictly German companies. The hackers, who go by the alias "Boris-Bullet Dodger", have distributed some of the stolen files on a website. Some of the affected firms... Read more...
Over the past few days, a deadly storm has been coursing its way across the southern United States heading eastward. A number of states -- including Louisiana, Mississippi, Tennessee and Georgia -- have been rocked by high winds, tornadoes, and flash flooding. With the storm affecting millions of Americans, many turned to The Weather Channel to get real-time updates. However, The Weather Channel was knocked offline for more than an hour on Thursday morning following a ransomware attack. Or as rock star meteorologist Jim Cantore explained on-air, "The Weather Channel, sadly, has been the victim of a malicious software attack today." The AMHQ live morning show was scheduled to start at 6am... Read more...
Just when we thought things had cooled down a bit in the botnet space, we're getting word of a new outbreak that is affecting PC users in the United States. Virobot has a multi-pronged attack vector, and can not only place a victim's computer into a zombie botnet, but it also has a ransomware component. According to Trend Micro, it first discovered evidence of Virobot on September 17th, and found that it is similar in some respects to Locky. Once Virobot has found a willing host, it will then scan the registry to see if it has the go-ahead to begin encrypting files. If the coast is clear, it will begin a file encryption process using a cryptographic random number generator. Once the encryption... Read more...
Researchers have discovered a new strain of malware for Android devices that combines different styles of attack into a single package. Called MysteryBot, the new malware hits victims with a banking Trojan, keylogger, and ransomware in one fell swoop. The good news here is that the cybercriminals responsible for MysteryBot are still developing it, and it does not appear to be spreading in the wild at the moment. However, that could change at any time. Initially, the researchers thought they were looking at a revised version of LokiBot, a banking Trojan that targets Android devices. But upon closer examination, they discovered there was much more taking place. "During investigation of its network... Read more...
Normally when you think about ransomware you think about something clearly malicious such as Petya and others. You could get your files back if infected with Petya, but the hackers wanted $300 in bitcoin to do it. A new kind of ransomware, however, is making the rounds and this variant is based on the game PUBG (Player Unknown's Battlegrounds), of all things. PUBG is a battle royale style game that is played online in large multiplayer formats, and all this PUBG Ransomware wants you to do is play the game for an hour. Not so bad, right? Well, it is still ransomware. The ransomware was discovered by MalwareHunterTeam and like other ransomware attacks, PUBG Ransomware will encrypt... Read more...
We are only months removed from the massive WannaCry cyberattack that hit hundreds of thousands of computers in over 150 countries, crippling some hospitals in the United Kingdom. WannaCry became an overnight global scare after spreading far and wide within the first few hours. Up until now, it was not clear where exactly the worm originated. According to the Trump administration, North Korea is to blame, just as security outfit Symantec suspected months ago. In an op-ed piece published in The Wall Street Journal, homeland security adviser Thomas P. Bossert publicly attributed the massive WannaCry cyberattack to North Korea, adding that the U.S. is not making the allegation lightly. "It is based... Read more...
The largest spam botnet in the world has a new trick up its sleeve, prompting security outfit Check Point to place it back in its list of the top ten most prevalent malwares. Called Necurs, the botnet dished up more than 12 million emails in a single morning during the Thanksgiving holiday. What makes it even more annoying, however, is that hackers have added the relatively new Scarab ransomware to the botnet's list of dirty tricks. "The re-emergence of the Necurs botnet highlights how malware that may seem to be fading away, doesn’t always disappear or become any less of a threat. Despite Necurs being well known to the security community, hackers are still enjoying lots of success distributing... Read more...