Group items tagged

"Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom. The "Petya" ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. Infected computers display a message demanding a Bitcoin ransom worth $300. Those who pay are asked to send confirmation of payment to an email address. However, that email address has been shut down by the email provider. "

"There are now more than 120 separate families of ransomware, said experts studying the malicious software. Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns."

"The organisation is a pioneer of the "ransomware as a service" model, whereby it outsources the target selection and attacks to a network of semi-independent "affiliates", providing them with the tools and infrastructure and taking a commission on the ransoms in return. As well as ransomware, which typically works by encrypting data on infected machines and demanding a payment for providing the decryption key, LockBit copied stolen data and threatened to publish it if the fee was not paid, promising to delete the copies on receipt of a ransom."

"A new strain of ransomware has been targeting government agencies and educational institutions in the United States, through scam emails that pretend to be something important. The malware, dubbed as 'MarsJoke' by Proofpoint security researchers, reportedly began a large-scale email campaign which distributed the cryptomalware last week. The developers are sending out emails which seems to be masked as a message from an airline company."

"That is when the alarm bells went off for Mr Ang. "I saw that there was a text file inside the encrypted folder that showed that it was ransomware, asking for payment to decrypt the files." The company decided not to pay the ransom of US$1,000 (S$1,447). Instead, it spent a week rebuilding about 3,000 infected files with data of the accounts and stocks from hard copy files."

"A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate. "

"In just a few short years, ransomware -- malware that encrypts all the files on the computer and then charges you for a key to restore them -- has gone from a clever literary device for technothrillers to a cottage industry to an epidemic to a public menace. "

"Ransomware has been in the news repeatedly over the past few years. This is the insidious malware that will lock your data or device (smartphone or PC) and displays a screen-wide message that demands money from you to release it, which it does by sending you an unlock code."

"Branded as "Tox", the tool lets anyone, regardless of technical ability, automatically create ransomware: software which encrypts a victim's hard drive and demands payment before decrypting it."

"And that means that there's now a financial incentive for going after just about anything. While the payoff of going after businesses' networks used to depend on the long play-working deep into the network, finding and packaging data, smuggling it back out-ransomware attacks don't require that level of sophistication today. It's now much easier to convert hacks into cash."

""This is the largest impact on the energy system in the United States we've seen from a cyberattack, full stop," says Rob Lee, CEO of the critical-infrastructure-focused security firm Dragos. Aside from the financial impact on Colonial Pipeline or the many providers and customers of the fuel it transports, Lee points out that around 40 percent of US electricity in 2020 was produced by burning natural gas, more than any other source. That means, he argues, that the threat of cyberattacks on a pipeline presents a significant threat to the civilian power grid. "You have a real ability to impact the electric system in a broad way by cutting the supply of natural gas. This is a big deal," he adds. "I think Congress is going to have questions. A provider got hit with ransomware from a criminal act, this wasn't even a state-sponsored attack, and it impacted the system in this way?""

"Ransomware analysts offered several possible explanations for why the master key has now appeared. It is possible Kaseya, a government entity, or a collective of victims paid the ransom. The Kremlin in Russia also might have seized the key from the criminals and handed it over through intermediaries, experts said."

"Ransomware hunters: the self-taught tech geniuses fighting cybercrime"

"While the name behind the attack might be relatively new, the criminal technique is not. Ransomware gangs render an organisation's computers inaccessible by infecting them with malicious software - malware - and then demanding a payment, typically in cryptocurrency, to unlock the files. In recent years, however, in a process dubbed "double extortion", the majority of gangs steal data at the same time and threaten to release it online, which they hope will strengthen their negotiating hand."

"The January snow lay thick on the Moscow ground, as masked officers of the FSB - Russia's fearsome security agency - prepared to smash down the doors at one of 25 addresses they would raid that day. Their target was REvil, a shadowy conclave of hackers that claimed to have stolen more than $100m (£74m) a year through "ransomware" attacks, before suddenly disappearing. As group members were led away in cuffs, FSB officers gathered crypto-wallets containing untold volumes of digital currency such as bitcoin. Others used money-counting machines to tot up dozens of stacks of hundred dollar bills."

"TeslaCrypt ransomware with new features that are impossible to crack, according to Cisco's Talos security arm. That means user infected with the latest version (3.01) of the malware can no longer use white hat-engineered software to get their files back. Until someone finds a new solution -- and that seems unlikely -- victims will have to pay."

"Petya ransomware victims can now unlock infected computers without paying. An unidentified programmer has produced a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up. In notes put on code-sharing site Github, he said he had produced the key generator to help his father-in-law unlock his Petya-encrypted computer."

"The criminals who took over the library system want $35,000 in Bitcoin to give it back.The criminals who took over the library system want $35,000 in Bitcoin to give it back. The FBI is investigating. The library does not store sensitive patron data, so the hack does not expose patrons to data-breach risks."

"The malware was delivered through multiple ad networks, and used a number of vulnerabilities, including a recently-patched flaw in Microsoft's former Flash competitor Silverlight, which was discontinued in 2013. When the infected adverts hit users, they redirect the page to servers hosting the malware, which includes the widely-used (amongst cybercriminals) Angler exploit kit. That kit then attempts to find any back door it can into the target's computer, where it will install cryptolocker-style software, which encrypts the user's hard drive and demands payment in bitcoin for the keys to unlock it."

"Hacking into software and then demanding a ransom to release it - what's known as ransomware - is not new. Finnish security expert Mikko Hypponen fully expects it to become a reality as self-driving or "autonomous" cars start to become more commonplace."