Ransomware news & analysis | SC Media

No reprieve for health care orgs as ransomware hits hospital operator, plastic surgeons

If there was any lingering hope that cybercriminals would show mercy on health care providers during the COVID-19 crisis — as some claimed they would do — that pipe dream evaporated with the news that various ransomware groups attacked Fresenius, Europe’s largest private hospital operator, as well as a pair of U.S.-based plastic surgery clinics.…

‘About Coronavirus’ app locks Android screens with repackaged malware

An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites. Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and…

Average ransom payment up 33 percent in Q1, Sodinokibi and Ryuk top variants

The ever industrious and forward-looking groups behind the majority of ransomware attacks essentially reinvented the business during the first quarter of 2020, developing new tools and methods that helped boost their success rate. The advent of the COVID-19 pandemic certainly helped these cybercriminals by giving them additional avenues to pursue, but the new strategies would…

Microsoft warns of ransomware attacks with ‘motley crew’ of payloads

Ransomware delivering a “motley crew” of payloads is straining security operations, especially in health care, Microsoft warned, urging security teams to look for signs of credential theft and lateral movement activities that herald attacks. Examination of an uptick in ransomware attacks during the first two weeks “showed that many of the compromises that enabled these…

In growing market for genetic data, privacy implications prove lasting

ExecuPharm employee info compromised following reported ransomware attack

ExecuPharm, a provider of pharmaceutical clinical research support services, has suffered a data security incident that has reportedly been identified as a CLOP ransomware attack, coupled with a corresponding data leak. Security experts have expressed concern that cybercriminals will target health care organizations at a time when their services may be needed to help respond…

Shade ransomware gang gives up keys, apologizes to victims

The malicious actors behind Shade ransomware made an unusual announcement on GitHub, not only publishing all 750,000 decryptor keys for the malware but apologizing for their criminal actions. “We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution in the end of 2019.” the…

Online leak undermines Torrance’s claim that no personal data was affected by cyberattack

A new online post by the DoppelPaymer gang further suggests that a cyberattack experienced by Torrance, California in late February-early March was a case of ransomware — one that appears to have affected personal data, despite the Los Angeles-area city’s claims otherwise. Brett Callow, threat analyst at Emsisoft, shared several examples of sensitive data published…

Maze ransomware attack catches IT services firm Cognizant unawares

Digital solutions provider and IT consultant giant Cognizant has been struck by a Maze ransomware attack that infected its systems and caused service disruptions to its clients. The Teaneck, N.J.-based company, with roughly $15 billion in revenue, confirmed the incident in a press release over the weekend. Cognizant serves a wide spectrum of industries, including…

Ragnar Locker’s well-conceived ransomware attack on Energias de Portugal

Ragnar Locker’s ransomware attack on Energias de Portugal (EDP) and its subsequent 1,580 bitcoin, or $11 million, ransom demand indicates the attack was well thought out, with the attacker fully understanding its victim’s financial capabilities. James McQuiggan, security awareness advocate at KnowBe4, told SC Media that Ragnar Locker’s general modus operandi is to charge a…

Nemty comes up empty, as cyber gang ditches ransomware for newer encryptor

The cyber actors behind the Nemty ransomware-as-a-service operation are reportedly folding up shop as they concentrate their efforts on a newly launched malicious encryptor. The decision to shut down Nemty could leave some individuals in the lurch. As of April 14, the cybercriminals are giving victims one week to pay their ransom and receive a…