Ransomware news & analysis | SC Media

FTCODE ransomware acquires info-stealing powers

The recently discovered ransomware FTCODE has evolved to include new information-stealing capabilities, and is now infecting victims via VBScript links in phishing emails. Researchers from the Zscaler ThreatLabZ team, who say they first discovered the PowerShell-based malware, detailed the latest changes in a blog post late last week. The new iteration, version 1117.1, contains code…

Travelex recovering from ransomware, but more firms at risk of VPN exploit

Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Meanwhile, a worrisome report revealed that dozens of major U.S. organizations and businesses have also failed…

Nemty ransomware makers may be latest to adopt data leak strategy

Following in the footsteps of Maze and Sodinokibi, it appears the makers of another malicious encryption program plan to adopt the tactic of publishing data that’s been exfiltrated from targets. According to a BleepingComputer report, Nemty ransomware developers posted on a news feed in their affiliate panel that they intend to create a website where they…

Snake ransomware tries to slither its way into enterprise networks

Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming language, with an unusually high level of obfuscation. It was discovered by researchers at MalwareHunterTeam;…

Ransomware hits, but doesn’t stop, the Pittsburg Unified School District

The Pittsburg Unified School District is still recovering from a ransomware attack that took place over the holiday recess, but its superintendent says school is open for business. Janet Schulze, Superintendent, Pittsburg (Calif.) Unified School District, told district members in a statement that students are welcomed back while the district’s IT department struggles to recover…

Sodinokibi ransomware ID’d as cause of Travelex business disruptions

The malware that has disrupted foreign exchange finance company Travelex’s ability to conduct digital transactions since New Year’s Eve has been identified as Sodinokibi ransomware. The malicious encryption software, which operates on a Ransomware-as-a-Service model, may have been delivered via unpatched, vulnerable Pulse Secure VPN servers and it is believed that the attackers are now…

Ransomware forces Richmond Community Schools to close

Students attending Richmond Community Schools received a belated Christmas present when a ransomware attack delayed the re-opening of school from its holiday break. School officials were likely not as happy, as the attackers have demanded a $10,000 ransom payable in bitcoin, according to NBC25 News. The Michigan district was hit on Dec. 27, with district…

Ransomware attack on maritime facility prompts Coast Guard warning

The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The ransomware program, identified as Ryuk, was delivered via a phishing email containing a…

Ransomware shuts down The Heritage Company

The telemarketing firm The Heritage Company has become the latest ransomware victim to shut down, at least temporarily, its operations even after making a ransom payment to its attackers. Company CEO Sandra Franecke broke the news in a letter to her 300 employees that the 61-year-old firm would suspend activities. Each was told to call…
