A May ransomware attack on M.J. Brunner Inc. exposed data pertaining to clients of SEI Investments Co., among them money managers like Pacific Investment Management Co. (Pimco), Fortress Investment Group LLC and Centerbridge Partners. SEI Investments said in a statement that the attack was not the result of any flaw in
Tag: ransomware
Hidden purpose of Mac ‘ransomware’ EvilQuest is data exfiltration, say researchers
Researchers have developed a decryption tool for the recently discovered EvilQuest ransomware program designed to target Mac machines. But several analysts now concur that EvilQuest’s malicious encryption may be more of a decoy, while the program’s true purpose appears to be data exfiltration. In a new blog post this week, Thomas
NetWalker ransomware group claims attack on Fort Worth transportation agency
Another Texas-based government institution has apparently fallen victim to ransomware actors, as the cybercriminals behind the malicious encryptor NetWalker have published online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs. According to
Ragnar Locker teams up with Maze; DopplePaymer, Zorab ransomware wreak havoc
UCSF, Conduent are latest to suffer the slings and arrows of ransomware
Academic health research institution the University of California, San Francisco and business process services company Conduent have emerged as two of the latest prominent victims of organized ransomware attacks. UCSF was targeted by the NetWalker (aka MailTo) ransomware group, as evidenced by a post on the cyber gang’s data leak website, while
Attackers’ use of virtual machine to hide ransomware is a first, say researchers
Virtual machines are an important tool for threat analysts as they debug and investigate malware. But now there is a documented case of malicious cyber actors exploiting a VM to their advantage in an attempt to hide a Ragnar Locker ransomware attack. Researchers at Sophos, who uncovered the technique, claim that
Netwalker ransomware actors go fileless to make attacks untraceable
Malicious actors have been spotted using an especially sneaky fileless malware technique — reflective dynamic-link library (DLL) injection — to infect victims with Netwalker ransomware in hopes of making the attacks untraceable while frustrating security analysts. In a company blog post on Monday, Trend Micro threat analyst Karen Victor writes that
Shade ransomware gang gives up keys, apologizes to victims
The malicious actors behind Shade ransomware made an unusual announcement on GitHub, not only publishing all 750,000 decryptor keys for the malware but apologizing for their criminal actions. “We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution in the
Nemty comes up empty, as cyber gang ditches ransomware for newer encryptor
The cyber actors behind the Nemty ransomware-as-a-service operation are reportedly folding up shop as they concentrate their efforts on a newly launched malicious encryptor. The decision to shut down Nemty could leave some individuals in a lurch. As of April 14, the cybercriminals are giving victims one week to pay their
Interpol warns hospitals about COVID-19-based ransomware threat
Interpol is warning hospitals and healthcare organizations to be aware that cybercriminals are ramping up the number of ransomware attacks targeting their facilities. Although it did not provide any statistics, Interpol has noted a significant increase in attacks taking place while these medical facilities are expending all their energy battling Coronavirus.