ZDNet reports that environments leveraging the Jupyter notebook open source web environment are being targeted by a novel Python ransomware strain.
Organizations with vulnerable environments are the focus of the new ransomware strain, according to researchers at Aqua Security's Team Nautilus. Attackers were able to obtain server access, open a terminal, and download encryptors and other malicious tools prior to manually generating a Python script that enabled ransomware execution. The report also revealed the encryptor's file copying and encryption capabilities, as well as its ability to delete unencrypted content and facilitate self-deletion.
"The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack. Since Jupyter notebooks are used to analyze data and build data models, this attack can lead to significant damage to organizations if these environments aren't properly backed up," said researchers.
CNN reports that a potential compromise of the Department of Homeland Security's sensitive physical security details is being looked into by the department's senior officials following a ransomware attack against contractor and major building automation systems manufacturer Johnson Controls International.
Most organizations impacted by ransomware attacks have been noted by the FBI to be experiencing another intrusion involving a different ransomware variant within 48 hours of each other, BleepingComputer reports.