Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Ransomware Profile: DarkSide
    https://blog.emsisoft.com/en/38577/ransomware-profile-darkside/
     
  2. guest

    guest Guest

    SAC Health System Impacted By Netgain Cyber Incident
    May 10, 2021
    https://www.prnewswire.com/news-rel...cted-by-netgain-cyber-incident-301287896.html
     
  3. guest

    guest Guest

    Volue ASA hit by Ryuk ransomware
    https://www.volue.com/urgent-updates
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
  5. guest

    guest Guest

    QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day
    May 14, 2021
    https://www.bleepingcomputer.com/ne...raix-ransomware-attacks-roon-server-zero-day/
     
  6. guest

    guest Guest

    The Week in Ransomware - May 14th 2021 - One down, many more to go
    May 14, 2021
    https://www.bleepingcomputer.com/ne...mware-may-14th-2021-one-down-many-more-to-go/
     
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "The bizarre story of the inventor of ransomware...

    The floppy discs were sent to addresses all over the world obtained from a mailing list. Law enforcement traced the effort to a PO box owned by a Harvard-taught evolutionary biologist named Joseph Popp, who was conducting AIDS research at the time.

    He was arrested and charged with multiple counts of blackmail, and is widely credited with being the inventor of ransomware, according to security news website CSOnline.com.

    'Even to this day, no one really knows why he did this'..."

    https://www.cnn.com/2021/05/16/tech/ransomware-joseph-popp/index.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+rss/cnn_latest+(RSS:+CNN+-+Most+Recent)
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Insurer AXA hit by ransomware after dropping support for ransom payments
    https://www.bleepingcomputer.com/ne...e-after-dropping-support-for-ransom-payments/
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    PSA: Threat actors now double encrypting data with multiple ransomware strains
    https://blog.emsisoft.com/en/38554/...ypting-data-with-multiple-ransomware-strains/
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Ransomware victim shows why transparency in attacks matters
    https://www.bleepingcomputer.com/ne...im-shows-why-transparency-in-attacks-matters/
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "NZ: Waikato hospitals hit by cyber security incident

    Clinical services across all Waikato public hospitals have been seriously affected by a cyber security incident with all phones and computers down.

    The DHB said it was experiencing a full outage of its information services.

    Resident Doctors Association and Association of Professional and Executive Employees (APEX) national secretary Dr Deborah Powell said it was her understanding the cyberattack was a type of ransomware called "Conti".

    She said it appeared to be the same type of attack that targeted Ireland's Department of Health last week.

    Clinical services at Waikato, Thames, Tokoroa, Te Kuiti and Taumaranui hospitals are all affected to varying degrees..."

    https://www.rnz.co.nz/news/national/442795/waikato-hospitals-hit-by-cyber-security-incident

    "Tuesday's attack brought the Waikato District Health Board's entire IT network down...

    Police were investigating the attack that had affected Waikato testing laboratories, cancer treatments and email, phone and other services.

    The crippling attack was also just one among a slew of daily cyber assaults hitting New Zealand's health and hospital network, the Ministry of Health warned..."

    https://www.nzherald.co.nz/nz/waika...ith-health-bosses/NX7NA4GIWEOZPAWIECVZAEZIQU/

    "Email attachment believed to have opened door to cyber-attack on Waikato hospitals..."

    https://www.stuff.co.nz/national/12...ened-door-to-cyberattack-on-waikato-hospitals
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware

    CISA and the Federal Bureau of Investigation (FBI) have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise (IOCs) to help network defenders find and mitigate activity associated with DarkSide ransomware. These IOCs were shared with critical infrastructure partners and network defenders on May 10, 2021.

    CISA encourages users and administrators to review AA21-131A for more information."

    https://us-cert.cisa.gov/ncas/curre...nt-cybersecurity-advisory-darkside-ransomware
     
  14. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Last edited: May 20, 2021
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "FBI: Conti ransomware attacked 16 US healthcare, first responder orgs

    The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year.

    In an alert made public Thursday...the FBI said the cybercriminals using the malicious software dubbed 'Conti' have targeted law enforcement, emergency medical services, dispatch centers, and municipalities.

    https://www.reuters.com/technology/...ealth-emergency-networks-2021-05-21/?rpc=401&

    'These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S'..."

    https://www.bleepingcomputer.com/ne...tacked-16-us-healthcare-first-responder-orgs/
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "New Zealand Hospitals Under Prolonged IT Outage From Ransom Hack

    Systems are still down a week after a ransomware attack disrupted the IT network of five hospitals in the New Zealand district of Waikato, and concerns remain that private patient information may have been exposed..."

    https://www.bnnbloomberg.ca/new-zea...rolonged-it-outage-from-ransom-hack-1.1608116
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "Audio maker Bose discloses data breach after ransomware attack

    Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company's systems in early March.

    In a breach notification letter filed with New Hampshire's Office of the Attorney General, Bose said that it 'experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across' its 'environment'...

    While investigating the ransomware's attack impact on its network, the audio maker discovered that some of its current and former employees' personal information was accessed by the attackers..."

    https://www.bleepingcomputer.com/ne...iscloses-data-breach-after-ransomware-attack/
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Evolution of JSWorm ransomware
    https://securelist.com/evolution-of-jsworm-ransomware/102428/
     
  20. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    Ransomware gangs' slow decryptors prompt victims to seek alternatives.
    https://www.bleepingcomputer.com/ne...cryptors-prompt-victims-to-seek-alternatives/
     
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "Mexico walls off national lottery sites after ransomware DDoS threat

    Access to Mexico's Lotería Nacional and Pronósticos lottery websites are now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks...

    Yesterday, the Avaddon ransomware operation stated that they successfully conducted an attack on 'Pronosticos Deportivo,' where they claim to have stolen data and then encrypted the devices. The ransomware gang also threatened to release more documents and to DDoS the victim's website if negotiations did not begin within 240 hours..."

    https://www.bleepingcomputer.com/ne...l-lottery-sites-after-ransomware-ddos-threat/
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers

    A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.

    Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility...

    Incident responders at cybersecurity company Sophos discovered the new Epsilon Red ransomware over the past week while investigating an attack at a fairly large U.S. company in the hospitality sector..."

    https://www.bleepingcomputer.com/ne...e-hunts-unpatched-microsoft-exchange-servers/
     
  23. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

    Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses...

    'A small set of whitelisted applications is granted privileges to write to protected folders,' the researchers said. 'However, whitelisted applications themselves are not protected from being misused by other applications...'...

    An attack scenario devised by the researchers revealed that malicious code could be used to control a trusted application like Notepad to perform write operations and encrypt the victim's files stored in the protected folders. To this end, the ransomware reads the files in the folders, encrypts them in memory, and copies them to the system clipboard, following which the ransomware launches Notepad to overwrite the folder contents with the clipboard data..."

    https://thehackernews.com/2021/06/malware-can-use-this-trick-to-bypass.html
     
  24. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    A good reason to set UAC to Always notify. Unless you click the ok button when it prompts. Then it didn't help. :eek:
     
  25. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area