Ransomware news & analysis | SC Media

Ransomware

Phishing campaign throws Shade ransomware at Russians

Attackers this month have revived an email phishing operation that targets Russian speakers with Shade ransomware served via malicious JavaScript attachments. The scam first emerged in a campaign that began in mid-October of last year, before dying down over the holiday period. But January ushered in a more intense second phase that doubled the previous…

Cloud infrastructure exposed by multivector, multi-platform malware attacks prevalent, mass scale

Persistent malicious attacks exposing cloud infrastructure are the result of a perfect storm combining cryptomining, ransomware and botnet/worms for both Linux and Windows, the Securonix Threat Research Team reported. “The attack activity described in the report is likely prevalent and mass-scale,” Oleg Kolesnikov told SC Media. The research from Addison, Texas-based Securonix provides further insight into…

Ransomware attacks take down Sammamish city hall and Salisbury PD

Two municipalities were hit with ransomware attacks that effectively shut down large portions of their computer networks, restricting access to many records. The affected entities are the City of Sammamish, Wash., and the Salisbury, Md. Police Department. Sammamish city officials deemed the attack, which hit on Jan. 23, severe enough to declare an emergency, which…

Fresh-faced Anatova ransomware created by ‘skilled developers,’ researchers warn

A new family of ransomware that was discovered in a private peer-to-peer network earlier this month has prompted a warning from researchers due to its apparent modular capabilities and its sophisticated coding and anti-analysis techniques. Nicknamed Anatova, the ransomware has already been detected in at least several hundred machines around the world, despite having a…

Downloads of cracked software distribute ransomware via adware bundles

Websites offering cracked versions of popular software programs have recently been serving up adware bundles that secretly deliver a variant of STOP ransomware. According to a pair of reports from Bleeping Computer founder Lawrence Abrams, the scheme came to light in December 2018 with the appearance of the malicious encryptor “Djvu” – so named because…

Ransomware attack comes with malicious ransom note

Some cybercriminals are taking an “in for a penny, in for a pound” approach with a new ransomware campaign that is now under development. MalwareHunterTeam discovered the ransomware and the fact that the malicious actors kindly offer several forms of payment to obtain the decryption key, including PayPal. However, if the victim chooses PayPal and follows…

Ryuk ransomware linked to Emotet and TrickBot trojans; suspicions shift to cybercriminal group

Multiple researchers are linking the Ryuk ransomware that disrupted the operations of multiple U.S. newspapers in late 2018 to the Emotet and TrickBot trojans. In so doing, some analysts have now also shifted blame for the attack from North Korean actors to cybercriminals, possibly from Russia, while others maintain that attribution efforts are premature. Crowdstrike,…

Dental Center of NW Ohio feels bite of ransomware attack on IT vendor

The Toledo-based Dental Center of Northwest Ohio has disclosed that a ransomware attack affecting its local third-party IT vendor may have endangered personal data belonging to current and former patients and employees. The IT vendor, Arakyta, informed the health care provider of the possible breach situation around Sept. 1, 2018, the health care provider said in…
