Ransomware | SC Media Ransomware

Ransomware

New York considers bills banning ransom payments

Two bills have been introduced into the New York State Senate that if passed would ban municipalities from paying money demanded by ransomware attackers. The bills are S7246 introduced, by Sen. Phil Boyle, (R), and S7289, introduced by Sen. David Carlucci (D). The first bill would make it specifically illegal for local governments to use…

Citrix fixes bug used in ransomware attacks; Auto maker GEDIA falls victim to exploit

Citrix over the last six days has been releasing firmware updates to fix CVE-2019-19781, a critical remote code execution vulnerability in its Citrix Application Delivery Controller, Citrix Gateway and SD-WAN WANOP products, which cybercriminals have actively exploited in an attempt to deliver ransomware, backdoors and coin miners. The Fort Lauderdale, Fla.-based software company has now…

FTCODE ransomware acquires info-stealing powers

The recently discovered ransomware FTCODE has evolved to include new information-stealing capabilities, and is now infecting victims via VBScript links in phishing emails. Researchers from the Zscaler ThreatLabZ team, who say they first discovered the PowerShell-based malware, detailed the latest changes in a blog post late last week. The new iteration, version 1117.1, contains code…

Travelex recovering from ransomware, but more firms at risk of VPN exploit

Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Meanwhile, a worrisome report revealed that dozens of major U.S. organizations and businesses have also failed…

Nemty ransomware makers may be latest to adopt data leak strategy

Following in the footsteps of Maze and Sodinokibi, it appears the makers another malicious encryption program plans to adopt the tactic of publishing data that’s been exfiltrated from targets. According to a BleepingComputer report, Nemty ransomware developers posted on a news feed in its affiliate panel that it intends to create a website where they…

Snake ransomware tries to slither its way into enterprise networks

Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming language, with an unusually high level of obfuscation. It was discovered by researchers at MalwareHunterTeam;…

Locky Ransomware

Sodinokibi ransomware ID’d as cause of Travelex business disruptions

The malware that has disrupted foreign exchange finance company Travelex’s ability to conduct digital transactions since New Year’s Eve has been identified as Sodinokibi ransomware. The malicious encryption software, which operates on a Ransomware-as-a-Service model, may have been delivered via unpatched, vulnerable Pulse Secure VPN servers and it is believed that the attackers are now…

Ransomware attack on maritime facility prompts Coast Guard warning

The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The ransomware program, identified as Ryuk, was delivered via a phishing email containing a…

Dread Zeppelin: Ransomware targets health care and IT sectors in U.S., Europe

Cybercriminals have spun off a ransomware that was originally known to target Russian organizations into a new malicious encryptor used in targeted campaigns against strategically selected health care and IT companies in America and Europe. Dubbed Zeppelin, the new ransomware is a descendant of VegaLocker, a Delphi-based Ransomware-as-a-Service (RaaS) offering that was discovered in early…

Next post in Ransomware