This major criminal hacking group just switched to ransomware attacks

A widespread hacking operation that has been targeting organisations around the world in a phishing and malware campaign active since 2016 has now switched to ransomware attacks, reflecting how successful ransomware has become as a money-making tool for cyber criminals.

Dubbed FIN11, the campaign has been detailed by cybersecurity researchers at FireEye Mandiant, who describe the hackers as a ‘well-established financial crime group’ which has conducted some of the longest running hacking campaigns.

The group started by focusing attacks on banks, retailers and restaurants but has grown to indiscriminately target a wide range of sectors in different locations around the world, sending thousands of phishing emails out and simultaneously conducting attacks against several organisations at any one time.

For example, in just one week, Mandiant observed concurrent campaigns targeting pharmaceuticals, shipping and logistics industries in both North America and Europe.

But despite attacks targeting a wide variety of

Prominent Stages In The Evolution Of Ransomware

At its rudimentary stage, online extortion was all about bluff and did not use cryptography at all. It hinged upon screen lockers stating that the FBI caught users violating copyright or distributing NSFW content. Victims were instructed to pay a fine via a prepaid service such as MoneyPak or Ukash.

Things have changed dramatically over time. Ransomware operators rethought the range of their intended victims, switching to the enterprise as juicier prey than individuals. In recent years, they also added a data leak strategy and DDoS threats to their repertoire. As a result, online extortion has matured into one of today’s most detrimental cybersecurity perils.

Ransomware went pro in 2013

The first mainstream file-encrypting ransom Trojan called CryptoLocker made its debut in September 2013. It used an asymmetric 2048-bit RSA cipher

Court Orders Seizure of Ransomware Botnet Controls as U.S. Election Nears | Technology News

SAN FRANCISCO (Reuters) – Microsoft said Monday it had used a court order to take control of computers that were installing ransomware and other malicious software on local government networks and threatening to disrupt the November election.

The maker of the Windows operating system said it seized a series of internet protocol addresses hosted by U.S. companies that had been directing activity on computers infected with Trickbot, one of the most common pieces of malware in the world.

More than a million computers have been infected with Trickbot, and the operators use the software to install more pernicious programs, including ransomware, for both criminal groups and national governments that pay for the access, researchers said.

Trickbot has shown up in a number of public governments, which could be hurt worse if the operators encrypt files or install programs that interfere with voter registration records or the display and public reporting

Microsoft alerts Android users of new ransomware that could render smartphone useless

Microsoft is responsible for locating and dealing with potentially dangerous malware on its own Windows operating system. However, the tech company claims that it tries to use its expertise to benefit operating systems beyond its own. According to the company’s cybersecurity blog, Android users should be aware of the new and evolving malware that targets the operating system.

In its official blog, the company stated that it has found a piece of particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that have also been observed on other platforms.

Microsoft claims that this new mobile ransomware was detected by Microsoft Defender for Endpoint as AndroidOS/MalLocker.B. This new malware is the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop, according to the blog.

The ransomware, according to Microsoft, masks itself

German tech giant Software AG down after ransomware attack

Software AG, one of the largest software companies in the world, has suffered a ransomware attack over the last weekend, and the company has not yet fully recovered from the incident.

A ransomware gang going by the name of “Clop” breached the company’s internal network on Saturday, October 3, encrypted files, and asked for more than $20 million to provide the decryption key.

Earlier today, after negotiations failed, the Clop gang published screenshots of the company’s data on a website the hackers operate on the dark web (a so-called leak site).

The screenshots show employee passport and ID scans, employee emails, financial documents, and directories from the company’s internal network.

Software AG disclosed the incident on Monday when it revealed it was facing disruptions on its internal network “due to [a] malware attack.”

The company said that services to customers, including its cloud-based services,
