Two bills have been introduced into the New York State Senate that if passed would ban municipalities from paying money demanded by ransomware attackers. The bills are S7246 introduced, by Sen. Phil Boyle, (R), and S7289, introduced by Sen. David Carlucci (D). The first bill would make it specifically illegal for local governments to use…
Citrix over the last six days has been releasing firmware updates to fix CVE-2019-19781, a critical remote code execution vulnerability in its Citrix Application Delivery Controller, Citrix Gateway and SD-WAN WANOP products, which cybercriminals have actively exploited in an attempt to deliver ransomware, backdoors and coin miners. The Fort Lauderdale, Fla.-based software company has now…
The recently discovered ransomware FTCODE has evolved to include new information-stealing capabilities, and is now infecting victims via VBScript links in phishing emails. Researchers from the Zscaler ThreatLabZ team, who say they first discovered the PowerShell-based malware, detailed the latest changes in a blog post late last week. The new iteration, version 1117.1, contains code…
Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Meanwhile, a worrisome report revealed that dozens of major U.S. organizations and businesses have also failed…
Following in the footsteps of Maze and Sodinokibi, it appears the makers another malicious encryption program plans to adopt the tactic of publishing data that’s been exfiltrated from targets. According to a BleepingComputer report, Nemty ransomware developers posted on a news feed in its affiliate panel that it intends to create a website where they…
Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming language, with an unusually high level of obfuscation. It was discovered by researchers at MalwareHunterTeam;…
The malware that has disrupted foreign exchange finance company Travelex’s ability to conduct digital transactions since New Year’s Eve has been identified as Sodinokibi ransomware. The malicious encryption software, which operates on a Ransomware-as-a-Service model, may have been delivered via unpatched, vulnerable Pulse Secure VPN servers and it is believed that the attackers are now…
The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The ransomware program, identified as Ryuk, was delivered via a phishing email containing a…
An alleged British hacker pleaded not guilty in a U.S. federal court in St. Louis, Mo., to a charge that he conspired to steal sensitive PII with the intention to release those records on criminal marketplaces unless victims paid ransoms. Nathan Wyatt, 39, purportedly a member of the “Dark Overload” hacking group, was extradited from…
Cybercriminals have spun off a ransomware that was originally known to target Russian organizations into a new malicious encryptor used in targeted campaigns against strategically selected health care and IT companies in America and Europe. Dubbed Zeppelin, the new ransomware is a descendant of VegaLocker, a Delphi-based Ransomware-as-a-Service (RaaS) offering that was discovered in early…
