Ransomware news & analysis | SC Media

Ransomware

Ransomware disables Cleveland airport’s email systems, information screens

A ransomware attack reportedly has affected email, payroll and record-keeping systems at Cleveland Hopkins International Airport this week and also darkened the transportation facility’s information screens. And according to a report from local news outlet WKYC, the attackers may have also accessed airport employee payroll records containing personal information. An April 22 press release issued…

GandCrab ransomware strikes Doctors’ Management Services

Doctors’ Management Services (DMS) was struck with GandCrab ransomware on Christmas Eve last year, possibly exposing the PII of its clients’ patients. Timothy DiBona, CEO of the Massachusetts-based medical billing and services firm, said in a statement that the attack was first noticed on Dec. 24, 2018 when DMS’s files became encrypted with what was…

Ransomware ravages municipalities nationwide this week

Municipalities took a beating this week with at least four reporting being shut down from new ransomware attacks or struggling to recover from an older incident. Augusta, Maine; Imperial County, Calif.; Stuart, Fla.; and Greenville, N.C. were all in different stages of recovering from ransomware attacks over the last seven days. Augusta City Center operations…

Threat actors gaining admin rights before ransomware infections

Threat actors are using accounts with admin privileges to install BitPaymer ransomware via PsExec, suggesting threat actors are taking a more targeted approach to their distribution of malware. Similar to the Arizona Beverage ransomware attack earlier this month, a manufacturing company also appears to have been targeted in an attack in which the company’s name…

CryptoPokemon ransomware decryptor developed

A new ransomware dubbed CryptoPokemon encrypts user files and demands approximately $104 worth of Bitcoin to decrypt the files. CryptoPokemon encrypts files using SHA256 + AES128 and comes with a note containing an email address and website to contact the threat actors who describe themselves as “valiant support [who] will help you solve this problem.”…

Ransomware knocks Greenville, N.C. offline

Greenville, N.C., has effectively been knocked offline by a ransomware attack, with the city IT department having shut down the majority of its servers to limit the extent of the attack. In a Facebook post, city officials said the incident began on April 10 and TheReflector.com reported a city spokesperson said a ransom note was received…

FIN6 cybercrime actor adds ransomware to its repertoire

Traditionally associated with payment card theft, the cybercriminal group FIN6 has expanded its operations to apparently include ransomware attacks using the malicious encryption programs Ryuk and LockerGoga, according to researchers. Investigations by the FireEye Intelligence research team and the company’s Mandiant division have revealed that FIN6’s ransomware activity dates back to July 2018, and has…
