Ransomware | SC Media

Ransomware

Sodinokibi ransomware campaigns span growing array of attack vectors

Since the discovery of Sodinokibi ransomware last April, cybercriminals have reportedly been attempting to infect networks with the malicious encryption program through a growing number of vectors, including supply chain attacks, spam, and malvertisements that redirect victims to an exploit kit. Sodinokibi encrypts data found in the user directory and prevents data recovery by leveraging…

Ransomware attack on software company ResiDex may have exposed data on assisted-living residents, workers

Personal information belonging to residents and employees of multiple assisted living facilities was potentially exposed in an April 2019 cyberattack that infected third-party software company Tenx Systems, LLC with ransomware. The Minneapolis-based company, which operates under the name ResiDex Software and provides software to assisted-living homes, group facilities and care-giving organizations for seniors and the…

As GandCrab gang prepares to retire, decryptor for v5.2 of ransomware released

The purportedly final version of GandCrab ransomware can now be neutralized with a new decryption tool, made available to the public. This latest decryptor is effective against versions 1, 4 and 5.x up through 5.2. Version 5.2 is the last iteration created by the prolific ransomware’s developers before they announced on a dark web forum…

Ransomware attack hobbles Washington food bank

An Auburn, Washington-based food bank that provides meals to individuals in need has reportedly been victimized in a ransomware attack, leaving staff members unable to access files and emails. A report from the Auburn Examiner says the June 5 attack on The Auburn Food Bank has reduced the charitable organization to one working computer, currently…

DefCon: You cannot 'cyberhijack' an airplane, but you can still create mischief

Louisville Regional Airport Authority grounded by ransomware attack

The Louisville Regional Airport Authority (LRAA) had its wings clipped on Monday by a ransomware attack on its systems, reports say. According to local news sources, an LRAA spokesperson said the incident encrypted the municipal corporation’s localized files, but did not affect operations or security systems at the two airports under its purview, Louisville Muhammad Ali…

Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018

Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…

New Sodinokibi ransomware delivered via Oracle WebLogic vulnerability

A remotely exploitable vulnerability in the Oracle WebLogic Server is currently the attack vector of choice for malicious actors to deliver a newly discovered ransomware called Sodinokibi. Sodinokibi encrypts data found in the user directory and leverages the Microsoft Windows vssadmin.exe utility to delete any “shadow copies” (created by default back-up mechanisms) in order to…
