Ransomware news & analysis | SC Media

Ransomware

SMBs imperiled as low-end RaaS grows more powerful

As Ransomware-as-a-Service (RaaS) has simultaneously grown more powerful and easier to use, just about anyone can launch successful, damaging ransomware attacks on organizations. Small and medium businesses are particularly vulnerable to the widening variety of tactics – from the “spray and pray” favored by Avaddon to the mass-market-based business model used by Dharma RaaS. “The skills…

Maze delivers on threat to publish data stolen from Canon

Canon apparently didn’t pay up as previously believed after it fell victim to a Maze ransomware attack, because the company’s stolen data has cropped up online. On the site where Maze leaks data from its conquests, attackers said that they would release five percent of the data stolen from Canon during the late July attack,…

More attackers trying to sabotage incident response tactics

The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked. At least that’s what researchers concluded in the fifth installment of VMware Carbon Black’s semi-annual Global Incident Response Threat Report, which also focused heavily on the impact of COVID-19…

Stricken electronics firms weigh reward, cost of paying ransom

Garmin reportedly paid cyber extortionists millions of dollars for access to a decryptor so that the company could restore its services to customers following a July 23 WastedLocker ransomware attack. Meanwhile, a separate ransomware outfit this week reportedly leaked sensitive data lifted from LG and Xerox’s internal networks after attempted negotiations with the two tech…

Nefilim gang leaks files stolen from Dussmann Group subsidiary

By now, it’s a familiar refrain: ransomware operators publishing documents after pinching them from a vulnerable company – this time the victim was a subsidiary of Germany’s Dussmann Group, a sprawling multiservice provider, and the attacker, Nefilim’s operators. The ransomware gang pinched files, including AutoCAD drawings, Word documents and accounting docs from refrigerator specialist Dresdner…

Avon attackers may have exploited unprotected web server

An openly accessible web server has emerged as a possible attack vector used by cybercriminals in a reported ransomware incident that affected personal care and beauty marketer Avon Products last June. Researchers from Safety Detectives today announced their discovery of a U.S.-based Avon.com server that was not defended by a password, leaving it accessible to…

Dave ShinyHunters hack exposes 7.5 million user records

Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group…

Garmin expects delays after WastedLocker ransomware attack

Garmin expects its operations to be back up in the next few days, with some delays, after suffering a targeted WastedLocker ransomware attack that reinforced that the best cybersecurity strategy is to prepare for the worst. The smart watch/wearable tech firm admitted on its website the attack encrypted some of its systems on July 23,…

SEI Investments customer data exposed in ransomware attack on vendor

A May ransomware attack on M.J. Brunner Inc. exposed data pertaining to clients of SEI Investments Co., among them money managers like Pacific Investment Management Co. (Pimco), Fortress Investment Group LLC and Centerbridge Partners. SEI Investments said in a statement that the attack was not the result of any flaw in its network. Instead, the…

Dacls RAT’s goals are to steal customer data and spread ransomware

The Dacls remote access trojan that is capable of attacking Windows, Linux and macOS environments has been used to distribute VHD ransomware and to target customer databases for attempted exfiltration, according to researchers. Kaspersky on Wednesday revealed this latest intel on Dacls in a company blog post and corresponding press release that also detailed an…
