Academic health research institution the University of California, San Francisco and business process services company Conduent have emerged as two of the latest prominent victims of organized ransomware attacks. UCSF was targeted by the NetWalker (aka MailTo) ransomware group, as evidenced by a post on the cyber gang’s data leak website, while
Tag: ransomware
Attackers’ use of virtual machine to hide ransomware is a first, say researchers
Virtual machines are an important tool for threat analysts as they debug and investigate malware. But now there is a documented case of malicious cyber actors exploiting a VM to their advantage in an attempt to hide a Ragnar Locker ransomware attack. Researchers at Sophos, who uncovered the technique, claim that
Netwalker ransomware actors go fileless to make attacks untraceable
Malicious actors have been spotted using an especially sneaky fileless malware technique — reflective dynamic-link library (DLL) injection — to infect victims with Netwalker ransomware in hopes of making the attacks untraceable while frustrating security analysts. In a company blog post on Monday, Trend Micro threat analyst Karen Victor writes that
Shade ransomware gang gives up keys, apologizes to victims
The malicious actors behind Shade ransomware made an unusual announcement on GitHub, not only publishing all 750,000 decryptor keys for the malware but apologizing for their criminal actions. “We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution in the
Nemty comes up empty, as cyber gang ditches ransomware for newer encryptor
The cyber actors behind the Nemty ransomware-as-a-service operation are reportedly folding up shop as they concentrate their efforts on a newly launched malicious encryptor. The decision to shut down Nemty could leave some individuals in a lurch. As of April 14, the cybercriminals are giving victims one week to pay their
Interpol warns hospitals about COVID-19-based ransomware threat
Interpol is warning hospitals and healthcare organizations to be aware that cybercriminals are ramping up the number of ransomware attacks targeting their facilities. Although it did not provide any statistics, Interpol has noted a significant increase in attacks taking place while these medical facilities are expending all their energy battling Coronavirus.
Jupiter, Fla., fighting REvil/Sodinokibi ransomware and Coronavirus
The town of Jupiter, located in an area of Florida hard hit by Coronavirus, is continuing to recover from a late March ransomware attack. Town officials reported last week that its email, utility payment and planning submissions systems were all down. The attack took place on March 23 with town officials
Maze ransomware group claims Chubb as victim
In the middle of a pandemic, insurance companies are likely targets for cyberattackers so it’s not surprising that Chubb this week reportedly found itself a victim of the Maze ransomware’s operators, who encrypted the company’s files. The group put a notice on its news site claiming that it had encrypted the insurance company’s network. If
Ransomware halts health organization’s ability to inform public on COVID-19
Officials at the Champaign-Urbana Public Health District were dealt a blow in their ability to inform the public about the Coronavirus outbreak when it was attacked with ransomware knocking its website offline. The attack struck on March 10, according to published reports, taking down the website and the staff’s ability to access records. The website has since
Legal services giant Epiq Global offline after ransomware attack
Legal services giant Epiq Global has been hit by a ransomware attack. The law firm, which provides legal counsel and administration that counts banks, credit giants, and governments as customers, confirmed the attack hit on February 29. “As part of our comprehensive response plan, we immediately took our systems offline globally to