Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    Abuse of ESET AV Remover
    Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
    May 8, 2019
    https://blog.trendmicro.com/trendla...v-tool-to-distract-from-malicious-activities/
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,412
    Location:
    U.S.A.
    With VT detection of 46/72, all the major AVs are detecting the old Eset AV uninstaller.

    -EDIT- After reading the complete TrendMicro analysis, the Eset AV uninstaller was used to distract the user while the ransomware encryption was underway. It had no impact on, nor was it in any way used in, the actual ransomware processing itself.
     
    Last edited: May 8, 2019
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,971
    Location:
    Here
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,971
    Location:
    Here
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    Severe Ransomware Attacks Against Swiss SMEs
    May 9, 2019
    https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    Jokeroo Ransomware as a Service Pulls an Exit Scam
    May 9, 2019
    https://www.bleepingcomputer.com/news/security/jokeroo-ransomware-as-a-service-pulls-an-exit-scam/
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    The Week in Ransomware - May 10th 2019 - MegaCortex, Jokeroo, and More
    May 10, 2019
    https://www.bleepingcomputer.com/ne...re-may-10th-2019-megacortex-jokeroo-and-more/
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    Crippling ransomware attacks targeting US cities on the rise
    May 11, 2019
    https://www.wptv.com/news/science-tech/crippling-ransomware-attacks-targeting-us-cities-on-the-rise
    Recorded Future: "Early Findings: Review of State and Local Government Ransomware Attacks" (PDF - 1.18 MB): https://go.recordedfuture.com/hubfs/reports/cta-2019-0510.pdf
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    MegaCortex, deconstructed: mysteries mount as analysis continues
    An update to last week’s late-breaking information about this novel ransomware
    May 10, 2019
    https://news.sophos.com/en-us/2019/...ructed-mysteries-mount-as-analysis-continues/
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    Baltimore Ransomware Attack Takes Strange Twist
    May 14, 2019
    https://www.darkreading.com/attacks...are-attack-takes-strange-twist/d/d-id/1334706
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    OKCPS confirms ransomware cyber-attack
    May 14, 2019
    https://kfor.com/2019/05/14/okcps-confirms-ransomware-cyber-attack/
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    71,205
    Location:
    Texas
    Two Ransomware Recovery Firms Typically Pay Hackers
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,030
    Location:
    DC Metro Area
    "8 days after cyberattack, Baltimore’s network still hobbled...

    BALTIMORE (AP) — More than a week after a cyberattack hobbled Baltimore’s computer network, city officials said Wednesday they can’t predict when its overall system will be up and running and continued to give only the broadest outlines of the problem...

    ...[A]fter eight days, online payments, billing systems and email are still down. Finance department employees can only accept checks or money orders.

    No property transactions have been conducted since the attack, exasperating home sellers and real estate professionals in the city of over 600,000. Most major title insurance companies have even prohibited their agents from issuing policies for properties in Baltimore, according to the Greater Baltimore Board of Realtors...

    This month’s problems come just over a year since another ransomware attack slammed Baltimore’s 911 dispatch system, prompting a worrisome 17-hour shutdown of automated emergency dispatching...

    This latest attack came about a week after the firing of a city employee who, the inspector general said, had downloaded thousands of sexually explicit images onto his work computer during working hours...

    It’s not clear what culprits are demanding from Baltimore’s City Hall.

    Baltimore’s information technology boss Frank Johnson...is one of the city’s highest paid employees, earning $250,000 a year. That’s more than the mayor, the city’s top prosecutor and the health commissioner are paid..."

    https://wtop.com/baltimore/2019/05/8-days-after-cyberattack-baltimores-network-still-hobbled/
     
  14. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,114
    Wow that is just insanity. I will gladly move to Baltimore to take his job for that kind of salary lol.
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    FBI Flash: Ryuk Ransomware Continues to Attack U.S. Businesses
    May 16, 2019
    https://www.lexblog.com/2019/05/16/fbi-flash-ryuk-ransomware-continues-to-attack-u-s-businesses/
     
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    FBI, DHS Investigate Malware Attack in Ada County, Idaho
    May 16, 2019
    https://www.govtech.com/security/FBI-DHS-Investigate-Malware-Attack-in-Ada-County-Idaho.html
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,941
    The Week in Ransomware - May 17th 2019 - BTW, It's NOT Dead
    May 17, 2019
    https://www.bleepingcomputer.com/ne...in-ransomware-may-17th-2019-btw-its-not-dead/
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,030
    Location:
    DC Metro Area
    "Analysis of ransomware used in Baltimore attack indicates hackers needed 'unfettered access' to city computers...

    The city of around 92,000 realized April 10 it had fallen prey to hackers — the first known victim of a new strain of so-called ransomware dubbed RobbinHood. Somehow, the attackers gained access to a city administrative account, allowing them to take over the system and sow the virus one computer at a time.
    'Once it had that, it was able to lock our servers and files and everything,'...

    Because the strain is new, it can slip past anti-virus tools and relies on hackers gaining what one security researcher called “unfettered access” to a victim’s system days or perhaps even weeks in advance...

    More attacks could be coming. After Baltimore officials said May 7 that the city had been hit, the National Capital Region Threat Intelligence Consortium, a government intelligence fusion center in Washington, issued a warning that evening. The organization circulated a bulletin saying it 'assesses with moderate confidence that a new ransomware campaign, dubbed RobbinHood Ransomware, is actively targeting government networks within the United States.'...

    RobbinHood could not have spread from machine to machine across a network on its own. Rather, the attackers would have needed to obtain access that would make them appear to be legitimate administrators, and then target individual victim computers..."

    https://www.baltimoresun.com/news/maryland/politics/bs-md-ci-ransomware-attack-20190517-story.html


    Gone Phising
     