Ransomware News, Articles and Updates

Updated Rakhni malware strain can be ransomware or a cryptominer

The five-year-old Trojan-Ransom.Win32.Rakhni family has received a facelift that now allows it to decide whether to install its traditional ransomware or to drop a cryptominer instead.

Smoke Loader gains PROPagate injection capability

An updated version of the Smoke Loader malware downloader has been sampled in the wild and was found to contain one of the first successful uses of the PROPagate injection technique in an actual attack.

Malicious version of Syscoin's Windows installer found on Github

Malicious actors replaced the legitimate Windows installer for Syscoin's cryptocurrency earlier this month with a version containing malware, which was available on the company's Github page for several days.

Atlanta ransomware recovery bill more than triples

The cost associated with the ransomware attack that crippled the Atlanta city government skyrocketed with the municipality's IT director asking for an additional $9.5 million to deal with the incident's aftermath.

Atlanta cyberattack destroyed critical police evidence

The attack wiped out the city police department's dashcam footage archive, which could compromise DUI cases and has already left a Police Department investigator unable to produce a critical piece of evidence during testimony.

Organizations can't just flirt with their disaster plan

A cyber disaster plan must not only be designed to keep an organization or business functioning in the wake of a cyberattack, but it also must be practiced regularly in order to be fully effective, according to the members of the Disaster Planning Cybersecurity Style panel at the RiskSecNY conference.

Supermarket retailer CISO identifies millennials, sales and marketing pros as riskiest employees

Supermarket giant Ahold Delhaize has determined that the employees who engage in the riskiest cyber behavior tend to be sales and marketing professionals, high-level executives and millennials, according to the company's global CISO Carolyn Schreiber.

Allied Physicians hit with SamSam ransomware

Allied Physicians of Michiana, Mich., reported it was hit with a SamSam ransomware attack, but was able to quickly restore its systems and the healthcare facility does not believe any patient data was compromised.

SynAck ransomware implements Doppelgänging evasion technique

SynAck targeted ransomware was seen in the wild using the Doppelgänging technique, which was first presented as a proof of concept in December 2017.

WannaCry dominated 2017 ransomware landscape: report

The volume of ransomware attacks in 2017 increased dramatically, but almost all of this growth was due to the appearance of WannaCry, a new report states.

BLACKHEART ransomware uses legit AnyDesk tool as an unwitting accomplice

A newly discovered ransomware program drops its malicious payload alongside the perfectly legitimate AnyDesk remote desktop tool, possibly as a means to evade detection, according to researchers.

SamSam ransomware designed to inundate targeted networks with thousands of copies of itself

The ongoing SamSam ransomware campaign responsible for recently infecting the city of Atlanta, the Colorado Department of Transportation and an array of health care organizations represents an emerging operational model for malicious cryptors, according to researchers at Sophos.

HPE iLO 4 remote management interfaces targeted with ransomware

Threat actors are targeting internet-accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware or a decoy wiper.

Ransomware exposes records of 85,000 Center for Orthopaedic Specialists patients

California's Center for Orthopaedic Specialists (COS) last week disclosed that its three facilities were affected by a ransomware attack on a third-party system that allowed adversaries to access patient data and encrypt it for the purposes of extortion.

Separate ransomware attacks hit Ukraine and Canada

Two widely separated ransomware attacks, against the Ukrainian energy ministry and the provincial government of Canada's Prince Edward Island (PEI), have knocked each agency's primary website offline.

Ransomware has generated about $4.6 million in bitcoin for its distributors

Two Italian researchers from the University of Padua have compiled an estimate of how much money, in bitcoin, has been generated by the various types of ransomware used by cybercriminals.

Microsoft worker pleads not guilty in ransomware case

A Florida man faces federal charges related to the Reveton ransomware scam that prosecutors say he helped operate prior to his hiring at Microsoft.

Atlanta, Colorado DOT ransomware mitigation costing millions

The tab the city of Atlanta and the Colorado Department of Transportation are paying to clean up from their respective ransomware attacks has climbed into the millions.

URL file attacks spread Quant Loader

A recent spate of attacks using phishing, social engineering, exploits and obfuscation is spreading a Quant Loader trojan capable of distributing ransomware and password stealers.

Verizon report: Ransomware runs rampant, responsible for 39% of malware-caused breaches

Ransomware was the most commonly detected malware in data breaches and related security incidents last year, climbing from fourth overall in 2016 and all the way from the 22nd spot five years ago, according to Verizon's just-released 2018 Data Breach Investigations Report.

PUBG ransomware supplies its own decrypt key

If a victim is not in the mood to play the game PlayerUnknown's Battlegrounds in order to restore encrypted files, the ransomware creators also supply a decryptor code in the ransom note, the MalwareHunterTeam said.

Cryptocurrency mining malware usage continues climbing

It should come as no surprise to anyone in the cybersecurity industry that cryptocurrency mining is increasing at an incredible rate, but the rate of increase might come as a surprise.

Hit them where it hurts... critical infrastructure

Critical infrastructure is being targeted by cybercriminals looking to wreak havoc whether working alone or in concert with nation-states.

Microsoft adds ransomware protection, recovery tools to Office 365

Microsoft has rolled out a series of new tools to protect its Office 365 Home and 365 Personal customers from a variety of cyberthreats, including ransomware.

Cryptomix ransomware receives facelift

The malicious actors behind Cryptomix ransomware have pushed out a new variant, with the primary change being the inclusion of a new extension and minor alterations to the contact info and ransom note.