Ransomware | SC Media


Threat actors gaining admin rights before ransomware infections


Threat actors are using accounts with admin privileges to install BitPaymer ransomware via PsExec, suggesting threat actors are taking a more targeted approach to their distribution of malware. Similar to the Arizona Beverage ransomware attack earlier this month, a manufacturing company also appears to have been targeted in an attack in which the company’s name…


CryptoPokemon ransomware decryptor developed


A new ransomware dubbed CryptoPokemon encrypts user files and demands approximately $104 worth of Bitcoin to decrypt the files. CryptoPokemon encrypts files using SHA256 + AES128 and comes with a note containing an email address and website to contact the threat actors who describe themselves as “valiant support [who] will help you solve this problem.”…

FIN6 cybercrime actor adds ransomware to its repertoire


Traditionally associated with payment card theft, the cybercriminal group FIN6 has expanded its operations to apparently include ransomware attacks using the malicious encryption programs Ryuk and LockerGoga, according to researchers. Investigations by the FireEye Intelligence research team and the company’s Mandiant division have revealed that FIN6’s ransomware activity dates back to July 2018, and has…

The trickle-down effect of cyberwarfare: Protecting yourself when the bad gets worse

In the post-Vault7 world, there has been an interesting shift in the cybersecurity landscape. At one time, well-funded, government-backed nation-state threat actors were the only ones capable of carrying out sophisticated cyberattacks. But now, these hacking techniques have trickled down to your average cybercriminal, equipping them with the power to take down enterprise networks, steal…

Damages from ransomware attack on Norsk Hydro reach as high as $40M


Aluminum company Norsk Hydro has already lost as much as $40.6 million since it was attacked by LockerGoga ransomware on March 19, but at least most of its operations are back running at normal capacity, the company said in a news update yesterday. Most of the financial damage, which Hydro estimated at between 300 million…

Researchers: LockerGoga coding error can be exploited to prevent malicious encryption


The LockerGoga ransomware that’s been targeting industrial and manufacturing companies in early 2019 contains a coding error that could potentially be exploited to stop it from encrypting files, researchers say. The mistake pertains to how the malware handles .lnk file extensions, explains a March 25 blog post from threat management company Alert Logic, whose researchers…

Decryption tool created for ransomware designed to boost PewDiePie subscriptions


A PewDiePie fan has taken his admiration of the popular video game commentator a little too far, creating a ransomware designed to increase the YouTube star’s subscriber count. Fortunately, anti-malware company Emsisoft last week announced a new decryption tool that restores machines infected by the unusual malware, named “PewCrypt.” On its website, Emsisoft describes…

Two U.S. chemical companies disclose cyberattack, LockerGoga suspected


Just days after a ransomware attack disrupted operations at Norwegian aluminium company Norsk Hydro, two U.S.-based chemical companies last Friday disclosed that they were affected by an unspecified network security incident that blocked access to certain IT systems and data. Reports suggest the incidents could be the work of LockerGoga, the same malicious encryption program that…

Yatron ransomware uses NSA exploits


A ransomware-as-a-service (RaaS) dubbed Yatron plans to spread using EternalBlue and NSA exploits. Oddly enough, researchers noted the ransomware has been promoted on Twitter by its creator, who has tweeted promotions to various ransomware and security researchers, according to Bleeping Computer. A security researcher who goes by the name “A Shadow” brought the ransomware to…