Ransomware | SC Media

Dread Zeppelin: Ransomware targets health care and IT sectors in U.S., Europe

Cybercriminals have spun off a ransomware that was originally known to target Russian organizations into a new malicious encryptor used in targeted campaigns against strategically selected health care and IT companies in America and Europe. Dubbed Zeppelin, the new ransomware is a descendant of VegaLocker, a Delphi-based Ransomware-as-a-Service (RaaS) offering that was discovered in early…

Snatch ransomware encrypts files in Safe Mode to thwart security software

A cybercriminal organization has been attacking Windows users with a hybrid ransomware and data stealer program that encrypts machines while in Safe Mode in order to render endpoint protection programs moot. Dubbed Snatch, the malware “runs itself in an elevated permissions mode, sets registry keys that instructs Windows to run it following a Safe Mode…

Report: Dental practices feel the pain of ransomware attack on IT provider

More than 100 dentist offices have reportedly been affected by a recent Sodinokibi ransomware attack on a Colorado-based company that provides IT services to the oral-care practices. Security expert Brian Krebs reported this past weekend on his blog that Englewood, Colo.-based Complete Technology Solutions (CTS) was attacked on Nov. 25, apparently via a compromised remote…

My kingdom for a decryptor! Ransomware creates ticketing snafu for N.J. Shakespeare theater

The Shakespeare Theatre of New Jersey was forced to cancel a performance of “A Christmas Carol” earlier this week after a ransomware attack disrupted its database and ticketing system, causing a show reservations nightmare. Performances of the show, which run through Dec. 29, are now back underway. However, the ransomware has disabled the company’s online…

Ransomware attack on nursing homes’ services provider threatens lives

Cybercriminals are reportedly demanding a $14 million extortion payment after using Ryuk ransomware to infect Virtual Care Provider Inc. (VCPI), a company that provides IT consulting and cloud-based data hosting and security services to roughly 110 nursing home operations around the U.S. The Nov. 17 attack took place at 1:30 a.m. local time, encrypting the…

New NextCry ransomware targets NextCloud sync and share solution

Attackers are reportedly targeting an NGINX/php-fpm vulnerability to infect users of the NextCloud file sync and share service with a recently discovered ransomware called NextCry. Infecting a NextCloud instance is doubly damaging to victims because the affected service begins replacing files stored on their synced-up machines with the newly encrypted versions. In a Nov. 15…

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and IT services, manufacturing companies, and healthcare organizations make up a large share of the targets…

New PureLocker ransomware built for targeted attacks, linked to MaaS dealer

A newly discovered ransomware called PureLocker is targeting the production servers of enterprises, while exhibiting some behavior that’s very unusual for most malicious encryptors. Among its quirky features: it’s written in the PureBasic programming language, which helps it avoid conventional anti-malware detection engines; it’s very picky about who it infects, only executing if the victim machine…

Pemex claims victory over cyberattack; $4.9 million ransom reportedly demanded

The claim made by the Mexican state-owned petroleum corporation Pemex that it had recovered from a Nov. 10 cyberattack was met with some skepticism, as published reports indicate the attack may still be affecting the company. Pemex stated it had suffered a cyberattack that impacted about five percent of its computer equipment, but managed to…

MegaCortex ransomware variant threatens data breach, alters credentials

A newly discovered variant of MegaCortex ransomware goes well beyond just encrypting victims’ files — it also changes their Windows passwords and threatens to publish their stolen data if they fail to pay. In a report earlier this week, BleepingComputer said it helped analyze the new strain after it was discovered by MalwareHunterTeam and subsequently…
