Abuse of ESET AV Remover Dharma Ransomware Uses AV Tool to Distract from Malicious Activities May 8, 2019 https://blog.trendmicro.com/trendla...v-tool-to-distract-from-malicious-activities/
With VT detection of 46/72, all the major AVs are detecting the old Eset AV uninstaller. -EDIT- After reading the complete TrendMicro analysis, use of the Eset AV uninstaller was used to distract the user while the ransomware encryption was underway. It had no impact on or in any way was used in the actual ransomware processing itself.
Emsisoft releases a free decrypter for ZQ Ransomware https://blog.emsisoft.com/en/33125/emsisoft-releases-a-free-decrypter-for-zq-ransomware/
Emsisoft releases a free decrypter for MegaLocker Ransomware https://blog.emsisoft.com/en/33132/emsisoft-releases-a-free-decrypter-for-megalocker-ransomware/
Severe Ransomware Attacks Against Swiss SMEs May 9, 2019 https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes
Jokeroo Ransomware as a Service Pulls an Exit Scam May 9, 2019 https://www.bleepingcomputer.com/news/security/jokeroo-ransomware-as-a-service-pulls-an-exit-scam/
The Week in Ransomware - May 10th 2019 - MegaCortex, Jokeroo, and More May 10, 2019 https://www.bleepingcomputer.com/ne...re-may-10th-2019-megacortex-jokeroo-and-more/
Crippling ransomware attacks targeting US cities on the rise May 11, 2019 https://www.wptv.com/news/science-tech/crippling-ransomware-attacks-targeting-us-cities-on-the-rise Recorded Future: "Early Findings: Review of State and Local Government Ransomware Attacks" (PDF - 1.18 MB): https://go.recordedfuture.com/hubfs/reports/cta-2019-0510.pdf
MegaCortex, deconstructed: mysteries mount as analysis continues An update to last week’s late-breaking information about this novel ransomware May 10, 2019 https://news.sophos.com/en-us/2019/...ructed-mysteries-mount-as-analysis-continues/
Baltimore Ransomware Attack Takes Strange Twist May 14, 2019 https://www.darkreading.com/attacks...are-attack-takes-strange-twist/d/d-id/1334706
OKCPS confirms ransomware cyber-attack May 14, 2019 https://kfor.com/2019/05/14/okcps-confirms-ransomware-cyber-attack/
"8 days after cyberattack, Baltimore’s network still hobbled... BALTIMORE (AP) — More than a week after a cyberattack hobbled Baltimore’s computer network, city officials said Wednesday they can’t predict when its overall system will be up and running and continued to give only the broadest outlines of the problem... ...[A]fter eight days, online payments, billing systems and email are still down. Finance department employees can only accept checks or money orders. No property transactions have been conducted since the attack, exasperating home sellers and real estate professionals in the city of over 600,000. Most major title insurance companies have even prohibited their agents from issuing policies for properties in Baltimore, according to the Greater Baltimore Board of Realtors... This month’s problems come just over a year since another ransomware attack slammed Baltimore’s 911 dispatch system, prompting a worrisome 17-hour shutdown of automated emergency dispatching... This latest attack came about a week after the firing of a city employee who, the inspector general said, had downloaded thousands of sexually explicit images onto his work computer during working hours... It’s not clear what culprits are demanding from Baltimore’s City Hall. Baltimore’s information technology boss Frank Johnson...is one of the city’s highest paid employees, earning $250,000 a year. That’s more than the mayor, the city’s top prosecutor and the health commissioner are paid..." https://wtop.com/baltimore/2019/05/8-days-after-cyberattack-baltimores-network-still-hobbled/
Wow that is just insanity. I will gladly move to Baltimore to take his job for that kind of salary lol.
FBI Flash: Ryuk Ransomware Continues to Attack U.S. Businesses May 16, 2019 https://www.lexblog.com/2019/05/16/fbi-flash-ryuk-ransomware-continues-to-attack-u-s-businesses/
FBI, DHS Investigate Malware Attack in Ada County, Idaho May 16, 2019 https://www.govtech.com/security/FBI-DHS-Investigate-Malware-Attack-in-Ada-County-Idaho.html
The Week in Ransomware - May 17th 2019 - BTW, It's NOT Dead May 17, 2019 https://www.bleepingcomputer.com/ne...in-ransomware-may-17th-2019-btw-its-not-dead/
"Analysis of ransomware used in Baltimore attack indicates hackers needed 'unfettered access' to city computers... The city of around 92,000 realized April 10 it had fallen prey to hackers — the first known victim of a new strain of so-called ransomware dubbed RobbinHood. Somehow, the attackers gained access to a city administrative account, allowing them to take over the system and sow the virus one computer at a time. 'Once it had that, it was able to lock our servers and files and everything,'... Because the strain is new, it can slip past anti-virus tools and relies on hackers gaining what one security researcher called “unfettered access” to a victim’s system days or perhaps even weeks in advance... More attacks could be coming. After Baltimore officials said May 7 that the city had been hit, the National Capital Region Threat Intelligence Consortium, a government intelligence fusion center in Washington, issued a warning that evening. The organization circulated a bulletin saying it 'assesses with moderate confidence that a new ransomware campaign, dubbed RobbinHood Ransomware, is actively targeting government networks within the United States.'... RobbinHood could not have spread from machine to machine across a network on its own. Rather, the attackers would have needed to obtain access that would make them appear to be legitimate administrators, and then target individual victim computers..." https://www.baltimoresun.com/news/maryland/politics/bs-md-ci-ransomware-attack-20190517-story.html Gone Phising
The Epidemic Analysis of Ransomware in April 2019 May 18, 2019 https://blog.360totalsecurity.com/en/the-epidemic-analysis-of-ransomware-in-april-2019/
"Mayor: City of Baltimore will have to rebuild some IT systems to recover from cyber attack..." https://technical.ly/baltimore/2019...some-it-systems-to-recover-from-cyber-attack/ "Baltimore ransomware nightmare could last weeks more, with big consequences Houses can't be sold, bills can't be paid while city networks are shuttered... ...Unlike the City of Atlanta—which suffered from a Samsam ransomware attack in March of 2018—Baltimore has no insurance to cover the cost of a cyber attack. It's not like the city wasn't warned. Baltimore's information security manager warned of the need for such a policy during budget hearings last year. But the final budget did not include funds for that policy, nor did it include funding for expanded security training for city employees, or other strategic investments that were part of the mayor's strategic plan for the city's information technology infrastructure..." https://arstechnica.com/information...-could-last-weeks-more-with-big-consequences/
A Closer Look at Satan Ransomware’s Propagation Techniques May 20, 2019 https://www.fortinet.com/blog/threa...k-satan-ransomwares-propagation-technics.html
Emsisoft releases a free decrypter for JSWorm 2.0 Ransomware May 20, 2019 https://blog.emsisoft.com/en/33239/emsisoft-releases-a-free-decrypter-for-jsworm-2-0-ransomware/
Louisville Regional Airport Authority hit by 'ransomware' attack May 20, 2019 https://www.wdrb.com/news/louisvill...cle_3bb91a98-7b2e-11e9-8299-bf6488cd8e45.html
"Cybersecurity experts warn Baltimore to stop 'playing' with ransomware attacks Cybersecurity experts say Baltimore is playing with fire as a deadline to pay thousands of dollars in ransom to hackers holding several of the city's servers hostage has come and gone... 'What's frustrating with Baltimore is that it's been quite a long time since the infection,' Daniel Tobok, CEO of Cytelligence, told Fox News. 'If they aren't fully operational by now, why are they still playing with this?'... Tobok, whose company has helped 500 municipalities hit by ransomware attacks, says while he doesn't necessarily advocate paying off cyber crooks, he believes that in some instances 'you don't have a choice, you have to make a business decision.' He also warns that if Baltimore keeps stalling, the outcome could be devastating... 'Baltimore is playing with time,' he said. 'They are going to come to a point where they have two choices - A. The (ransom demands) are going to skyrocket or B. The hackers will shut down the account they have been using and move out.' If that happens, any communication or hope of restoring data could be out the window, Tobok said..." https://www.foxnews.com/tech/cybers...more-to-stop-playing-with-ransomeware-attacks
