Ransomware news & analysis | SC Media

Spanish security company Prosegur hit with Ryuk

The Madrid-based security firm Prosegur was hit and taken down by a Ryuk ransomware attack late last week. The firm tweeted on November 27 that it suffered a security incident in its telecommunications platforms and had implemented its defensive and security protocols to try and mitigate and limit the damage to itself and customers. It…

Ransomware attack on nursing homes’ services provider threatens lives

Cybercriminals are reportedly demanding a $14 million extortion payment after using Ryuk ransomware to infect Virtual Care Provider Inc. (VCPI), a company that provides IT consulting and cloud-based data hosting and security services to roughly 110 nursing home operations around the U.S. The Nov. 17 attack took place at 1:30 a.m. local time, encrypting the…

NYPD fingerprint database touched by ransomware

The New York City Police Department’s fingerprint database was hit with ransomware in October 2018, a local newspaper learned. The attack was brought in by a third-party vendor who was installing video equipment at the NYPD’s police academy when it connected its infected computer to the police network, according to the New York Post. The…

Microsoft deflects Doppelpaymer/Teams rumors

Microsoft’s security team defended its Teams communication platform, saying it has found no connection between the app and the distribution of Doppelpaymer ransomware. Simon Pope, director of incident response at the Microsoft Security Response Center, went to bat for Teams, saying he wanted to squelch any rumors that link the spread of Doppelpaymer to the Microsoft…

Louisiana spurns attempted ransomware attack, governor says

Louisiana activated its cybersecurity team after the state was targeted in an attempted ransomware attack similar to those aimed at government organizations and local school districts during the summer, newly re-elected Governor John Bel Edwards tweeted Monday. “The Office of Technology Services [OTS] identified a cybersecurity threat that affected some, but not all state servers,”…

Macys.com Magecart attack yields payment, personal info

Hackers accessed macys.com’s “Checkout” and “My Wallet” pages early last month and added malicious script to lift shoppers’ personal information, such as credit card data, then send it to a remote site. The company discovered the Oct. 7 hack on Oct. 15 when it observed “a suspicious connection” between macys.com and the remote website, the company said in…

New NextCry ransomware targets NextCloud sync and share solution

Attackers are reportedly targeting an NGINX/php-fpm vulnerability to infect users of the NextCloud file sync and share service with a recently discovered ransomware called NextCry. Infecting a NextCloud instance is doubly damaging to victims because the affected service begins replacing files stored on their synced-up machines with the newly encrypted versions. In a Nov. 15…

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and IT services, manufacturing companies, and healthcare organizations make up a large share of the targets…

AnteFrigus ransomware leaves C alone, goes after other drives

Security researchers have come across and analyzed an oddly behaving ransomware variant that bypasses the victim’s C drive, instead targeting the device’s other drives. An analyst who tweets under Mol69 and Bleeping Computer took a look at the odd behavior presented by AnteFrigus ransomware. Instead of going after the one place where most people store…
