Ransomware news & analysis | SC Media

Ransomware

Tweet may contain login credentials taken in Baltimore ransomware attack

Baltimore’s issues stemming from a May 7 Robbinhood ransomware attack are not only starting to impact some aspects of the city’s economy, but the security firm Armor came across a tweet that may contain information gleaned from Baltimore’s network. Eric Sifford, a security researcher with Armor’s Threat Resistance Unit, found a tweet dated May…

Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018

Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…

MegaCortex ransomware attacks spike

A spike in activity surrounding the relatively new ransomware MegaCortex was detected on May 1 hitting North America and several European nations. MegaCortex, a take on Metacortex from The Matrix, first surfaced in late January when it was uploaded to VirusTotal from the Czech Republic. Since February there have been 76 confirmed attacks using the…

New Sodinokibi ransomware delivered via Oracle WebLogic vulnerability

A remotely exploitable vulnerability in the Oracle WebLogic Server is currently the attack vector of choice for malicious actors to deliver a newly discovered ransomware called Sodinokibi. Sodinokibi encrypts data found in the user directory and leverages the Microsoft Windows vssadmin.exe utility to delete any “shadow copies” (created by default back-up mechanisms) in order to…

Malvertising scheme abuses Yandex.Direct, targets Russian accountants with assorted malware

Cybercriminals are abusing the Yandex.Direct online advertising service in order to serve up malicious ads that target Russian accountants with the goal of infecting them with banking trojans and ransomware. Researchers from ESET have so far linked six malware programs to this campaign, which began in October and continues to this day. During periods of…

Flaw in Confluence collaboration products exploited to deliver GandCrab, AESDDoS Botnet malware

Malicious actors have been serving up GandCrab ransomware and a variant of AESDDoS Botnet malware by exploiting a recently patched vulnerability in two “Confluence” team collaboration products from Australia-based Atlassian. GandCrab is a malicious encryption program that first emerged in early 2018, while the AESDDoS variant is a more versatile program capable of remote code…
