PATREONItems tagged with Ransomware
The hacker who gained unauthorized access to CD Projekt Red's servers and seemingly stole the source code for several games has already reportedly leaked one of them, after the developer publicly declared it had no intention of paying a ransom or negotiating. In addition, the hacker appears to be trying to start a bidding war for the remaining data. To be clear, CD Projekt Red never outright acknowledged that the hacker stole actual source code, but said the person responsible "collected certain data" belonging to the developer, as well as encrypted some devices on its network. However, reading between the lines of the developer's broader statement on the intrusion, it sure sounds like the hacker...
Read more...
We’ve seen ransomware in hospitals and schools, and it wreaks havoc no matter the case. This is especially true when people are relying on technology now more than ever due to the COVID-19 pandemic. The Baltimore County Public School district encountered this firsthand when malicious attackers installed ransomware that crippled the network and closed school. Early this morning, the chief of staff for Baltimore County Public School systems, Mychael Dickerson, tweeted that all schools would be closed today due to network issues. As it turns out, it was ransomware affecting the network, as he later tweeted the following: Here is the latest update: Baltimore County Public Schools can now...
Read more...
There is very little worse than knowing you've just lost everything to ransomware. When it happens on our phones, where so much of our identity and our lives live, the situation can feel hopeless. It's a never-ending battle for platform owners like Google, Microsoft, and Apple. Every time a company creates new security measures, attackers try to find a way to circumvent them. That's what Microsoft warns Android users about in a new security blog post from the Microsoft 365 Defender Research Team. Unlike ransomware that hits Windows machines, Android devices rarely actually get their data encrypted. Instead, a malicious app will present itself when the phone gets locked, blocking access...
Read more...
Typically, ransomware attacks that are seemingly on the increase around the globe are the cause of financial loss and lack of productivity. However, a ransomware attack on a hospital in Germany has reportedly led to the first known death indirectly attributed to such attacks. German authorities are currently investigating a death following the ransomware attack on Düsseldorf University Hospital. Today, German media reported on the closure of the hospital’s emergency room due to the ransomware attack. As it was closed, a woman in need of emergency medical attention was turned away and subsequently succumbed to her illness. Alongside this tragic event, the hospital has not been able...
Read more...
If Garmin did not already have a giant target on its back, it sure does now, if a report that it paid a multi-million dollar ransom to hackers is true. Speaking on the condition of anonymity, sources cited as being familiar with the matter told Sky News that Garmin hired a company that specializes in ransomware negotiations to resolve a recent cyber intrusion. While nothing has been official confirmed, it was reported last week that a major outage affecting nearly every facet of Garmin's operations was the result of a ransomware strain called WastedLocker. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are...
Read more...
Garmin is having itself a no good, terrible day. and it could extend throughout the weekend. The cause of Garmin's woes is a ransomware attack, according to employees who have posted about the matter on social media, and it is affecting several of the company's services for its line of wearable products and aviation dealings. If you head over to Garmin's website, you will see a message at the top that alludes to the ransomware attack, though the company has not outright confirmed it as such. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We...
Read more...
Check Point Research has discovered a significant increase in attacks using the Phorpiex Botnet in June 2020. The research firm found that the botnet has had a resurgence delivering the Avaddon Ransomware, which is a Ransomware-as-a-Service (RaaS) variant that first surfaced in early June. Delivery during the month via the botnet caused the malware to rise 13 places to become the second most widely spread malware for the month. The malware doubled its impact on organizations globally in June compared to May. Phorpiex is known for spreading large-scale malspam campaigns, though it does distribute other malware families as well. The latest campaign using the botnet attempts to get email recipients...
Read more...
A new ransomware attack is underway in Canada that targets people concerned about COVID-19 by posing as an official tracing app provided by Health Canada. ESET researchers have identified and analyzed the ransomware, known as CryCryptor, and created a decryption tool for victims. CryCryptor surfaced only a few days after the Canadian government announced that it intended to back the development of a nation-wide, voluntary tracing app called COVID Alert. The actual tracing app from Health Canada is due to start rolling out in Ontario as soon as next month. ESET says that it informed the Canadian Centre for Cyber Security about the new threat as soon as it was identified. The below above shows...
Read more...
Ransomware is a global problem that can strike individual, organizations, and even health institutions to disastrous results. It demands that the user send money, typically in the form of cryptocurrency to the attackers to have their devices and files unlocked. An old ransomware threat called Black Rose Lucy that was initially discovered in September 2018 is now making a resurgence. Black Rose Lucy is a malware-as-a-service botnet for Android devices where it can take control of the victim's devices to make changes and install new malicious applications. When the Lucy malware is downloaded, it encrypts files on the infected device and displays a ransom note in the browser window claiming to be...
Read more...
Ransomware is a significant problem for individuals and organizations today. However, it can be a particularly big problem for healthcare organizations and has the potential to cost lives during the COVID-19 pandemic raging around the world. Microsoft says that during this time of crisis as organizations move towards a remote workforce, ransomware operators have found a new target in the form of network devices like gateways and VPN appliances. Microsoft says that it is putting a particular emphasis on the healthcare sector by protecting critical services, especially hospitals today. Microsoft notes that right now, REvil, which is also known as Sodinokibi, is one of the ransomware campaigns that...
Read more...
Security researchers at Sophos have been investigating a pair of ransomware attacks where the attackers used legitimate, digitally signed hardware driver to delete security products from targeted computers. Once the security products were deleted from the target machines, the destructive file encryption portion of the attack was launched. The signed driver that was used is part of a deprecated software package from Gigabyte, a mainboard and computer hardware manufacturer. The software had a known vulnerability tracked as CVE-2018-19320. The vulnerability, along with proof-of-concept code was published in 2018. At the time, Gigabyte denied that the vulnerability impacted its products. Later it...
Read more...
Many computer users know that Microsoft doesn't email you about Windows updates, but many people unfortunately still fall for spam tricks. There is a new malicious spam campaign going around that tells users to download a critical Windows update. If users install the attached file, Cyborg ransomware is then loaded on the system. The threat was discovered by researchers at Trustwave, and is said to be unique in a few ways. The attached file claims to be a .jpg format, but it opens as an .exe file. Another of the email's unique aspects is that it has a two-sentence subject that states, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only...
Read more...
How much does a ransomware or data breach attack affect hospital services? A recent study determined that hospitals who had been hit by a cyber attack witnessed increased death rates among patients with heart issues. Cyber attacks and the remediations that follow frequently increase the amount of time a patient waits to be treated or to receive test results. Researchers at Vanderbilt University’s Owen Graduate School of Management examined more than 3,000 Medicare-certified hospitals in the United States. Roughly 300 of these hospitals had experienced ransomware and other attacks between 2012 and 2016. The researchers not only studied what happened to patients during the cyber attacks,...
Read more...
Security researchers have discovered it is possible to hack a digital SLR camera with Wi-Fi capabilities (fast becoming a common feature in modern DSLR cameras) to install ransomware, thereby hijacking a user's photographs. Just as it happens on a PC, the photos would be encrypted, with the attacker threatening to permanently delete them if a ransom is not paid. "Although most users connect their camera to their PC using a USB cable, newer camera models now support WiFi. This means that what was once a PTP/USB protocol that was accessible only to the USB connected devices, is now also PTP/IP that is accessible to every WiFi-enabled device in close proximity," Check Point says. According to Check...
Read more...
iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims. MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place. Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see...
Read more...
Security researchers at ESET have discovered an active ransomware campaign targeting Android users, thus ending a two-year decline in this form of malware in Google's mobile ecosystem. And unlike past ransomware campaigns, this one employs "some unusual tricks" to attract victims, and then spreads to contacts through text messaging. ESET is calling this ransomware strain Android/Filecoder.C (just Filecoder from here on out). It is primarily distributed by way of malicious posts on Reddit and the XDA Developers forum, the latter of which is a popular hangout for Android developers and enthusiasts. These posts lure victims by promising salacious material, such as porn-related content and sex simulators,...
Read more...
Security researchers at Bitdefender have updated a decryption tool to deal with the latest version of GandCrab, a popular form of ransomware that its authors sold to clients on the dark web for a supposedly enormous profit. The decryption tool is free, and could potentially save a GandCrab victim from a major headache Bitdefender estimates that GandCrab has claimed more than 1.5 million victims around the globe in more than a year of operation. That includes both home users and corporations. In a recent farewell post, the ransomware's authors said GandCrab netted its nefarious clients around $2 billion, earning the hacking group "more than $150 million per year." "We have proven that be doing...
Read more...
It is said that no good deed goes unpunished, but on the flips side, there are bad deeds that get rewarded. So it goes for the hackers responsible for GandCrab, a popular form of ransomware that was sold to clients on the dark web, who are now retiring and going legitimate with their earnings. The hackers claim that GandCrab netted its clients around $2 billion, all extracted from victims who opted to pay for a decryption key after falling prey to the ransomware. Whether that figure is accurate or not is up for debate. However, the hacking group also claims it "earned more than $150 million per year" from GandCrab and is now "leaving for a well-deserved retirement." "We have proven that be doing...
Read more...
Where is Neo when you need him? We don't have an answer for that, but Morpheus has been making an appearance on some business PCs, just not in the manner you might think. His mug is part of a message that is delivered by a new ransomware strain called "MegaCortex," which is a misspelled reference to MetaCortex, the faceless software company in The Matrix where Neo worked at. This is not the kind of sequel or reboot that fans might have been hoping for. Security outfit Sophos says it recently saw a "jolt of life" from this ransomware strain, with a spike in the number of attacks around the world, including Canada, France, Ireland, Italy, the Netherlands, and the United States. Those behind MegaCortex...
Read more...
No information is safe in the Internet age. Citycomp, an Germany-based IT services company, reported that they had been hacked and blackmailed. Some of their clients include Oracle, Airbus, Toshiba, Volkswagen, Leica, and Porsche. Citycomp is an IT services company that provides items such as servers, storage, and other computer equipment to other major companies. It appears that the hackers targeted the German branches of these international companies. The list of victims includes both corporations with an international reach and strictly German companies. The hackers, who go by the alias "Boris-Bullet Dodger", have distributed some of the stolen files on a website. Some of the affected firms...
Read more...
Over the past few days, a deadly storm has been coursing its way across the southern United States heading eastward. A number of states -- including Louisiana, Mississippi, Tennessee and Georgia have been rocked by high winds, tornadoes, and flash flooding. With the storm affecting millions of Americans, many turned to The Weather Channel to get real-time updates. However, The Weather Channel was knocked offline for more than an hour on Thursday morning following a ransomware attack. Or as rock star meteorologist Jim Cantore explained on-air, "The Weather Channel, sadly, has been the victim of a malicious software attack today." The AMHQ live morning show was scheduled to start at 6am...
Read more...
Just when we thought things had cooled down a bit in the botnet space, we're getting word of a new outbreak that it affecting PC users in the United States. Virobot has multi-pronged attack vector, and can not only place a victim's computer into a zombie botnet, but it also has a ransomware component. According to Trend Micro, it first discovered evidence of Virobot on September 17th, and found that it is similar in some respects to Locky. Once Virobot has found a willing host, it will then scan the registry to see if it has the go-ahead to begin encrypting files. If the coast is clear, it will begin a file encryption process using a cryptographic random number generator. Once the encryption...
Read more...
