The recently discovered ransomware FTCODE has evolved to include new information-stealing capabilities, and is now infecting victims via VBScript links in phishing emails. Researchers from the Zscaler ThreatLabZ team, who say they first discovered the PowerShell-based malware, detailed the latest changes in a blog post late last week. The new iteration, version 1117.1, contains code…
Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Meanwhile, a worrisome report revealed that dozens of major U.S. organizations and businesses have also failed…
A ransomware attack on New Orleans has racked up at least $7 million in financial damage to The City That Care Forgot, its mayor said. New Orleans was able to get back $3 million through a cyber insurance policy, the mayor told WVUE, which also cited Chief Administrative Officer Gilbert Montano as saying the city…
Following in the footsteps of Maze and Sodinokibi, it appears the makers another malicious encryption program plans to adopt the tactic of publishing data that’s been exfiltrated from targets. According to a BleepingComputer report, Nemty ransomware developers posted on a news feed in its affiliate panel that it intends to create a website where they…
Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming language, with an unusually high level of obfuscation. It was discovered by researchers at MalwareHunterTeam;…
The Pittsburgh Unified School District is still recovering from a ransomware attack that took place over the holiday recess, but its superintendent says school is open for business. Janet Schulze, Superintendent, Pittsburg (Calif.) Unified School District, told district members in a statement that students are welcomed back while the district’s IT department struggles to recover…
The malware that has disrupted foreign exchange finance company Travelex’s ability to conduct digital transactions since New Year’s Eve has been identified as Sodinokibi ransomware. The malicious encryption software, which operates on a Ransomware-as-a-Service model, may have been delivered via unpatched, vulnerable Pulse Secure VPN servers and it is believed that the attackers are now…
Students attending Richmond Community Schools received a belated Christmas present when a ransomware attack delayed the re-opening of school from its holiday break. School officials were likely not as happy, as the attackers have demanded a $10,000 ransom payable in bitcoin, according to NBC25 News. The Michigan district was hit on Dec. 27, with district…
The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The ransomware program, identified as Ryuk, was delivered via a phishing email containing a…
The telemarketing firm The Heritage Company has become the latest ransomware victim to shut down, at least temporarily, its operations even after making a ransom payment to its attackers. Company CEO Sandra Franecke broke the news in a letter to her 300 employees that the 61-year-old firm would suspend activities. Each was told to call…
