Academic health research institution the University of California, San Francisco and business process services company Conduent have emerged as two of the latest prominent victims of organized ransomware attacks. UCSF was targeted by the NetWalker (aka MailTo) ransomware group, as evidenced by a post on the cyber gang’s data leak website, while it was the Maze…
A new strain of ransomware dubbed Tycoon seeks to take advantage of Java Image (JIMAGE) files that are internal to Java and would typically not raise any red flags for administrators and security managers. The discovery was brought to light by the BlackBerry Research and Intelligence Team in partnership with KPMG’s UK Cyber Response Services,…
The tactics of human-operated ransomware campaigns continue to escalate. Victims who previously feared having their their systems disrupted, their files encrypted and their data stolen and published online may now face another ultimatum: Pay up or have your data auctioned off to the highest bidder. That’s the latest threat from the Sodinokibi/REvil gang, which announced…
Microsoft told organizations Wednesday to focus less on the payload of Java-based ransomware PonyFinal and instead key “more on how it’s delivered” via human-operated ransomware attacks. “PonyFinal is at the tail end of protracted human-operated ransomware campaigns that are known to stay dormant and wait for the most opportune time to deploy the payload,” Microsoft…
The CyberPeace Institute and dozens of international leaders and dignitaries on Tuesday collectively urged the world’s governments in an open letter to help put an end to cyberattacks on hospitals and health care institutions that are already under the incredible strain of combatting the Covid-19 pandemic. “Over the past weeks, we have witnessed attacks that…
Virtual machines are an important tool for threat analysts as they debug and investigate malware. But now there is a documented case of malicious cyber actors exploiting a VM to their advantage in an attempt to hide a Ragnar Locker ransomware attack. Researchers at Sophos, who uncovered the technique, claim that such trickery is a…
The Ukrainian Secret Service on Tuesday announced the arrest of a man who they say is the hacker who amassed hundreds of millions of stolen credentials and then used an internet message board to announce their availability as a data set known as Collection 1. And in another significant win for law enforcement officials, Romania…
Malicious actors have been spotted using an especially sneaky fileless malware technique — reflective dynamic-link library (DLL) injection — to infect victims with Netwalker ransomware in hopes of making the attacks untraceable while frustrating security analysts. In a company blog post on Monday, Trend Micro threat analyst Karen Victor writes that instead of compiling the…
The REvil/Sodinokibi ransomware hackers that struck celebrity law firm Grubman, Shire, Meiselas and Sacks and threatened to release information on clients like Lady Gaga and Madonna as well as President Trump likely exploited an unpatched Citrix vulnerability, and have now turned their sights to a major food company, Sherwood Forest and Harvest Distributors. “…Sherwood has…
A celebrity law firm hit by a REvil ransomware attack is refusing to pay up, and now attackers have doubled the ransom request to $42 million and threatened to release damaging information on President Trump. Although Trump reportedly has never been a client of Grubman Shire Meiselas & Sacks, the New York Post Page Six…
