Ransomware news & analysis | SC Media


Third decryption tool for GandCrab ransomware released to public


A new free decryption tool for counteracting the effects of GandCrab ransomware is now available to the public. This latest decryptor is effective against versions 1, 4 and 5.x up through 5.1, which means GandCrab variants released as recently as October 2018 can now be defeated. The tool is the result of a collaborative effort…

Ransomware attackers exploit old plug-in flaw to infect MSPs and their clients


Researchers are warning that hackers are exploiting a plug-in vulnerability to infect MSPs and their customers with GandCrab ransomware. The bug, CVE-2017-18362, dates back to 2017, and is found in unpatched versions of the ConnectWise ManagedITSync integration plug-in tool, explains a Feb. 8 blog post by Chris Bisnett, security researcher at Huntress Labs. This plug-in…

Possible ransomware attack disturbs Altran Technologies’ European operations


French engineering research and consulting firm Altran Technologies disclosed this week that a Jan. 24 cyberattack impacted its operations in certain European countries. In response to the incident, the company immediately shut down its IT network and all applications,” the company said in a press release issued on Monday. Altran’s statement was short on specifics,…

Phishing campaign throws Shade ransomware at Russians


Attackers this month have revived an email phishing operation that targets Russian speakers with Shade ransomware served via malicious JavaScript attachments. The scam first emerged in a campaign that began in mid-October of last year, before dying down over the holiday period. But January ushered in a more intense second phase that doubled the previous…

Cloud infrastructure exposed by multivector, multi-platform malware attacks prevalent, mass scale

Persistent malicious attacks exposing cloud infrastructure are the result of a perfect storm combining cryptomining, ransomware and botnet/worms for both Linux and Windows, the Securonix Threat Research Team reported. “The attack activity described in the report is likely prevalent and mass-scale,” Oleg Kolesnikov told SC Media. The research from Addison, Texas-based Securonix provides further insight into…

Ransomware attacks take down Sammamish city hall and Salisbury PD


Two municipalities were hit with ransomware attacks that effectively shut down large portions of their computer networks, restricting access to many records. The affected entities are the City of Sammamish, Wash., and the Salisbury, Md. Police Department. Sammamish city officials deemed the attack, which hit on Jan. 23, severe enough to declare an emergency, which…

Fresh-faced Anatova ransomware created by ‘skilled developers,’ researchers warn


A new family of ransomware that was discovered in a private peer-to-peer network earlier this month has prompted a warning from researchers due to its apparent modular capabilities and its sophisticated coding and anti-analysis techniques. Nicknamed Anatova, the ransomware has already been detected in at least several hundred machines around the world, despite having a…

Downloads of cracked software distribute ransomware via adware bundles


Websites offering cracked versions of popular software programs have recently been serving up adware bundles that secretly deliver a variant of STOP ransomware. According to a pair of reports from Bleeping Computer founder Lawrence Abrams, the scheme came to light in December 2018 with the appearance of the malicious encryptor “Djvu” – so named because…

Ransomware attack comes with malicious ransom note


Some cybercriminals are taking an “in for a penny, in for a pound” approach with a new ransomware campaign that is now under development. MalwareHunterTeam discovered the ransomware and the fact that the malicious actors kindly offer several forms of payment to obtain the decryption key, including PayPal. However, if the victim chooses PayPal and follows…
