Ransomware news & analysis | SC Media

Ransomware

Ransomware ravages municipalities nationwide this week

Municipalities took a beating this week, with at least four reporting that they had been shut down by new ransomware attacks or were struggling to recover from an older incident. Augusta, Maine; Imperial County, Calif.; Stuart, Fla.; and Greenville, N.C. were all in different stages of recovering from ransomware attacks over the last seven days. Augusta City Center operations…

Threat actors gaining admin rights before ransomware infections

Threat actors are using accounts with admin privileges to install BitPaymer ransomware via PsExec, suggesting they are taking a more targeted approach to distributing malware. Similar to the Arizona Beverage ransomware attack earlier this month, a manufacturing company also appears to have been targeted in an attack in which the company’s name…

CryptoPokemon ransomware decryptor developed

A new ransomware dubbed CryptoPokemon encrypts user files and demands approximately $104 worth of Bitcoin to decrypt the files. CryptoPokemon encrypts files using SHA256 + AES128 and comes with a note containing an email address and website to contact the threat actors who describe themselves as “valiant support [who] will help you solve this problem.”…

Ransomware knocks Greenville, N.C. offline

Greenville, N.C., has effectively been knocked offline by a ransomware attack, with the city IT department having shut down the majority of its servers to limit the extent of the attack. In a Facebook post, city officials said the incident began on April 10, and TheReflector.com reported a city spokesperson said a ransom note was received…

FIN6 cybercrime actor adds ransomware to its repertoire

Traditionally associated with payment card theft, the cybercriminal group FIN6 has expanded its operations to apparently include ransomware attacks using the malicious encryption programs Ryuk and LockerGoga, according to researchers. Investigations by the FireEye Intelligence research team and the company’s Mandiant division have revealed that FIN6’s ransomware activity dates back to July 2018, and has…

Arizona Beverages ransomware attack exacerbated by unpatched servers, poorly configured back-up system

Arizona Beverages, quick to the grocer’s shelf with its ubiquitous iced teas, has been slow to get much of its network running again after it discovered its backup system wasn’t properly configured to restore its systems in the wake of a targeted ransomware attack and was forced to spend a pretty penny to bring in…

Michigan medical practice folds after ransomware attack

A Battle Creek, Mich. medical practice is being forced to shut its doors after cyberattackers wiped out its files when the firm refused to pay a ransom. Brookside ENT and Hearing Center’s Dr. William Scalf told wwmt.com the center was hit with ransomware, which locked up its files and presented the practice with a $6,500…

Albany, N.Y. hit with ransomware attack

Albany, New York was hit with a ransomware attack on March 30 that has shut down an undetermined number of city services. Albany Mayor Kathy Sheehan informed the public of the attack in a tweet on Saturday. Few details of the attack have been issued by city officials, but Sheehan did tell all city…