Data center provider CyrusOne was reportedly hit with a combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware. Details are scarce, but ZDNet reported the attack took place on December 4. A screenshot of the ransom note indicated all the files were locked and that the threat actors would allow one file to be decrypted…
The Madrid-based security firm Prosegur was hit and taken down by a Ryuk ransomware attack late last week. The firm tweeted on November 27 that it suffered a security incident in its telecommunications platforms and had implemented its defensive and security protocols to try and mitigate and limit the damage to itself and customers. It…
Cybercriminals are reportedly demanding a $14 million extortion payment after using Ryuk ransomware to infect Virtual Care Provider Inc. (VCPI), a company that provides IT consulting and cloud-based data hosting and security services to roughly 110 nursing home operations around the U.S. The Nov. 17 attack took place at 1:30 a.m. local time, encrypting the…
The New York City Police Department’s fingerprint database was hit with ransomware in October 2018, a local newspaper learned. The attack was brought in by a third-party vendor who was installing video equipment at the NYPD’s police academy when it connected its infected computer to the police network, according to the New York Post. The…
Microsoft’s security team defended its Teams communication platform saying it has found no connection between the app and the distribution of Dopplepaymer ransomware. Simon Pope, director of incident response at the Microsoft Security Response Center, went to bat for Teams saying he wanted to squelch any rumors that link the spread of Doppelpaymer to the Microsoft…
Louisiana activated its cybersecurity team after the state was targeted in an attempted ransomware attack similar to those aimed at government organizations and local school districts during the summer, newly re-elected Governor John Bel Edwards tweeted Monday. “The Office of Technology Services [OTS] identified a cybersecurity threat that affected some, but not all state servers,”…
Hackers accessed macys.com’s “Checkout” and “My Wallet” pages early last month and added malicious script to lift shoppers’ personal information, such as credit card data, then send it to a remote site. The company discovered the Oct. 7 hack on Oct. 15 when it observed “a suspicious connection” between macys.com and the remote website, the company said in…
Attackers are reportedly targeting an NGINX/php-fpm vulnerability to infect users of the NextCloud file sync and share service with a recently discovered ransomware called NextCry. Infecting a NextCloud instance is doubly damaging to victims because the affected service begins replacing files stored on their synced-up machines with the newly encrypted versions. In a Nov. 15…
Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and IT services, manufacturing companies, and healthcare organizations make up a large share of the targets…
Security researchers have come across and analyzed an oddly behaving ransomware variant that bypasses the victim’s C drive instead targeting the device’s other drives. An analyst who tweets under Mol69 and Bleeping Computer took a look at the odd behavior presented by AnteFrigus ransomware. Instead of going after the one place where most people store…
