Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. guest

    guest Guest

    City Of Galt Targeted In Ransomware Attack
    December 17, 2019
    https://sacramento.cbslocal.com/2019/12/17/galt-ransomware-hackers-attack/
     
  2. guest

    guest Guest

    ScreenConnect MSP Software Used to Install Zeppelin Ransomware
    December 18, 2019
    https://www.bleepingcomputer.com/ne...software-used-to-install-zeppelin-ransomware/
    Morphisec: ConnectWise Control Abused Again to Deliver Zeppelin Ransomware
     
  3. guest

    guest Guest

    Prairie insurance and financial brokerage failed to disclose ransomware attack
    Andrew Agencies says breach 'dealt with' after hackers list it as victim
    December 18, 2019

    https://www.cbc.ca/news/technology/andrew-agencies-ransomware-1.5400101?cmp=rss
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    The hideous part of this attack is the attacker legit installed remote connection management client software is using TCP port 3460 for communication. So any stateful firewall not monitoring all outbound traffic can be bypassed. Assumed is most if not all AVs are not going to detect the installation. Of note is all cmd.exe and PowerShell activity is initiated and run within the legit ScreenConnect software. Another example that once a network is compromised allowing for external access, anything is possible.
     
  5. guest

    guest Guest

    30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world
    In December 1989 the world was introduced to the first ever ransomware - and 30 years later ransomware attacks are now at crisis levels
    December 19, 2019

    https://www.zdnet.com/article/30-ye...ations-for-the-malware-taking-over-the-world/
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    How ransomware spreads: 9 most common infection methods and how to stop them
    https://blog.emsisoft.com/en/35083/...ommon-infection-methods-and-how-to-stop-them/
     
  7. guest

    guest Guest

    The Week in Ransomware - December 20th 2019 - Attacks Everywhere
    December 20, 2019
    https://www.bleepingcomputer.com/ne...omware-december-20th-2019-attacks-everywhere/
     
  8. guest

    guest Guest

    FBI Issues Alert For LockerGoga and MegaCortex Ransomware
    December 23, 2019
    https://www.bleepingcomputer.com/ne...ert-for-lockergoga-and-megacortex-ransomware/
     
  9. guest

    guest Guest

    Truckstop.com struck by malware attack
    December 23, 2019
    https://landline.media/truckstop-com-struck-by-malware-attack/
     
  10. guest

    guest Guest

    Sherwood telemarketing company temporarily shuts down, blames cyber attack ransom
    December 24, 2019
    https://katv.com/news/local/sherwoo...orarily-shuts-down-blames-cyber-attack-ransom
     
  11. guest

    guest Guest

    Andrew Agencies investigates extensive cyberattack
    Incident becomes public following CBC story appearing almost two months after attack
    December 23, 2019
    https://www.weyburnreview.com/andrew-agencies-investigates-extensive-cyberattack-1.24041305
    Andrew Agencies: Andrew Agencies Ltd. – December 19, 2019 Re: Ransomware incident
     
  12. guest

    guest Guest

    New York comptroller warns Haverstraw that town's computers are vulnerable to ransomware
    December 24, 2019
    https://eu.lohud.com/story/news/loc...mptroller-town-haverstraw-malware/2732523001/
     
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,659
  14. guest

    guest Guest

    Computers from Maastricht University hostage to destructive pc software
    December 24, 2019
    https://ourbitcoinnews.com/computers-from-maastricht-university-hostage-to-malicious-software/
     
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,659
    From their website in English:
    https://www.maastrichtuniversity.nl/news/cyber-attack-against-um

     
  16. guest

    guest Guest

    Ryuk Ransomware Stops Encrypting Linux Folders
    December 26, 2019
    https://www.bleepingcomputer.com/news/security/ryuk-ransomware-stops-encrypting-linux-folders/
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  18. guest

    guest Guest

    Town continues to recover from cyberattack
    December 22, 2019
    https://www.ricentral.com/east_gree...cle_4768aa82-2535-11ea-b7a7-1bdc21ed1939.html
     
  19. guest

    guest Guest

    The Epidemic Analysis of Ransomware in November 2019
    December 27, 2019
    https://blog.360totalsecurity.com/en/the-epidemic-analysis-of-ransomware-in-november-2019/
     
  20. guest

    guest Guest

    U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility
    December 27, 2019
    https://www.bleepingcomputer.com/ne...-ryuk-ransomware-took-down-maritime-facility/
     
  21. guest

    guest Guest

    Ransomware at IT Services Provider Synoptek
    December 27, 2019
    https://krebsonsecurity.com/2019/12/ransomware-at-it-services-provider-synoptek/
     
  22. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,659
    The following site has articles both in Dutch and in English.
    "UM has been in contact with cybercriminals"
    https://www.observantonline.nl/Engl...82/UM-has-been-in-contact-with-cybercriminals

     
  23. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,659
    Article in Dutch by national broadcaster NOS - 30 Dec 2019:
    https://nos.nl/artikel/2316708-door...universiteit-maastricht-snel-weer-online.html

    Among other things the article says:
    - Experts from Fox-IT (among others) are investigating it.
    - The local newspaper "De Limburger" is saying: it had contact with Vitali Kremez in New York and he is saying that probably the Russian group TA505 is behind this. (note by me: whether that will be proven, time will tell (or not)...).
     
  24. guest

    guest Guest

    Firm being blackmailed by hackers for $6m obtains Irish court injunction
    Irish-registered company is allegedly linked to a website publishing confidential data
    December 31, 2019

    https://www.irishtimes.com/news/cri...r-6m-obtains-irish-court-injunction-1.4128069
     
  25. guest

    guest Guest

    Truckstop.com is back up and running
    December 31, 2019
    https://landline.media/truckstop-com-is-back-up-and-running/
     