Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    Abuse of ESET AV Remover
    Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
    May 8, 2019
    https://blog.trendmicro.com/trendla...v-tool-to-distract-from-malicious-activities/
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,538
    Location:
    U.S.A.
    With VT detection of 46/72, all the major AVs are detecting the old Eset AV uninstaller.

    -EDIT- After reading the complete TrendMicro analysis: the Eset AV uninstaller was used to distract the user while the ransomware encryption was underway. It had no impact on, and was not in any way used in, the actual ransomware processing itself.
     
    Last edited: May 8, 2019
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,217
    Location:
    Here
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,217
    Location:
    Here
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    Severe Ransomware Attacks Against Swiss SMEs
    May 9, 2019
    https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    Jokeroo Ransomware as a Service Pulls an Exit Scam
    May 9, 2019
    https://www.bleepingcomputer.com/news/security/jokeroo-ransomware-as-a-service-pulls-an-exit-scam/
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    The Week in Ransomware - May 10th 2019 - MegaCortex, Jokeroo, and More
    May 10, 2019
    https://www.bleepingcomputer.com/ne...re-may-10th-2019-megacortex-jokeroo-and-more/
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    Crippling ransomware attacks targeting US cities on the rise
    May 11, 2019
    https://www.wptv.com/news/science-tech/crippling-ransomware-attacks-targeting-us-cities-on-the-rise
    Recorded Future: "Early Findings: Review of State and Local Government Ransomware Attacks" (PDF - 1.18 MB): https://go.recordedfuture.com/hubfs/reports/cta-2019-0510.pdf
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    MegaCortex, deconstructed: mysteries mount as analysis continues
    An update to last week’s late-breaking information about this novel ransomware
    May 10, 2019
    https://news.sophos.com/en-us/2019/...ructed-mysteries-mount-as-analysis-continues/
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    Baltimore Ransomware Attack Takes Strange Twist
    May 14, 2019
    https://www.darkreading.com/attacks...are-attack-takes-strange-twist/d/d-id/1334706
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    OKCPS confirms ransomware cyber-attack
    May 14, 2019
    https://kfor.com/2019/05/14/okcps-confirms-ransomware-cyber-attack/
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    73,017
    Location:
    Texas
    Two Ransomware Recovery Firms Typically Pay Hackers
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,169
    Location:
    DC Metro Area
    "8 days after cyberattack, Baltimore’s network still hobbled...

    BALTIMORE (AP) — More than a week after a cyberattack hobbled Baltimore’s computer network, city officials said Wednesday they can’t predict when its overall system will be up and running and continued to give only the broadest outlines of the problem...

    ...[A]fter eight days, online payments, billing systems and email are still down. Finance department employees can only accept checks or money orders.

    No property transactions have been conducted since the attack, exasperating home sellers and real estate professionals in the city of over 600,000. Most major title insurance companies have even prohibited their agents from issuing policies for properties in Baltimore, according to the Greater Baltimore Board of Realtors...

    This month’s problems come just over a year since another ransomware attack slammed Baltimore’s 911 dispatch system, prompting a worrisome 17-hour shutdown of automated emergency dispatching...

    This latest attack came about a week after the firing of a city employee who, the inspector general said, had downloaded thousands of sexually explicit images onto his work computer during working hours...

    It’s not clear what culprits are demanding from Baltimore’s City Hall.

    Baltimore’s information technology boss Frank Johnson...is one of the city’s highest paid employees, earning $250,000 a year. That’s more than the mayor, the city’s top prosecutor and the health commissioner are paid..."

    https://wtop.com/baltimore/2019/05/8-days-after-cyberattack-baltimores-network-still-hobbled/
     
  14. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,140
    Wow, that is just insanity. I will gladly move to Baltimore to take his job for that kind of salary lol.
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    FBI Flash: Ryuk Ransomware Continues to Attack U.S. Businesses
    May 16, 2019
    https://www.lexblog.com/2019/05/16/fbi-flash-ryuk-ransomware-continues-to-attack-u-s-businesses/
     
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    FBI, DHS Investigate Malware Attack in Ada County, Idaho
    May 16, 2019
    https://www.govtech.com/security/FBI-DHS-Investigate-Malware-Attack-in-Ada-County-Idaho.html
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    The Week in Ransomware - May 17th 2019 - BTW, It's NOT Dead
    May 17, 2019
    https://www.bleepingcomputer.com/ne...in-ransomware-may-17th-2019-btw-its-not-dead/
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,169
    Location:
    DC Metro Area
    "Analysis of ransomware used in Baltimore attack indicates hackers needed 'unfettered access' to city computers...

    The city of around 92,000 realized April 10 it had fallen prey to hackers — the first known victim of a new strain of so-called ransomware dubbed RobbinHood. Somehow, the attackers gained access to a city administrative account, allowing them to take over the system and sow the virus one computer at a time.
    'Once it had that, it was able to lock our servers and files and everything,'...

    Because the strain is new, it can slip past anti-virus tools and relies on hackers gaining what one security researcher called “unfettered access” to a victim’s system days or perhaps even weeks in advance...

    More attacks could be coming. After Baltimore officials said May 7 that the city had been hit, the National Capital Region Threat Intelligence Consortium, a government intelligence fusion center in Washington, issued a warning that evening. The organization circulated a bulletin saying it 'assesses with moderate confidence that a new ransomware campaign, dubbed RobbinHood Ransomware, is actively targeting government networks within the United States.'...

    RobbinHood could not have spread from machine to machine across a network on its own. Rather, the attackers would have needed to obtain access that would make them appear to be legitimate administrators, and then target individual victim computers..."

    https://www.baltimoresun.com/news/maryland/politics/bs-md-ci-ransomware-attack-20190517-story.html


    Gone Phising
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    The Epidemic Analysis of Ransomware in April 2019
    May 18, 2019
    https://blog.360totalsecurity.com/en/the-epidemic-analysis-of-ransomware-in-april-2019/
     
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,169
    Location:
    DC Metro Area
    "Mayor: City of Baltimore will have to rebuild some IT systems to recover from cyber attack..."

    https://technical.ly/baltimore/2019...some-it-systems-to-recover-from-cyber-attack/

    "Baltimore ransomware nightmare could last weeks more, with big consequences

    Houses can't be sold, bills can't be paid while city networks are shuttered...

    ...Unlike the City of Atlanta—which suffered from a Samsam ransomware attack in March of 2018—Baltimore has no insurance to cover the cost of a cyber attack.

    It's not like the city wasn't warned. Baltimore's information security manager warned of the need for such a policy during budget hearings last year. But the final budget did not include funds for that policy, nor did it include funding for expanded security training for city employees, or other strategic investments that were part of the mayor's strategic plan for the city's information technology infrastructure..."

    https://arstechnica.com/information...-could-last-weeks-more-with-big-consequences/
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    A Closer Look at Satan Ransomware’s Propagation Techniques
    May 20, 2019
    https://www.fortinet.com/blog/threa...k-satan-ransomwares-propagation-technics.html
     
  22. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    Emsisoft releases a free decrypter for JSWorm 2.0 Ransomware
    May 20, 2019
    https://blog.emsisoft.com/en/33239/emsisoft-releases-a-free-decrypter-for-jsworm-2-0-ransomware/
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,646
    Louisville Regional Airport Authority hit by 'ransomware' attack
    May 20, 2019
    https://www.wdrb.com/news/louisvill...cle_3bb91a98-7b2e-11e9-8299-bf6488cd8e45.html
     
  24. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,169
    Location:
    DC Metro Area
    "Cybersecurity experts warn Baltimore to stop 'playing' with ransomware attacks

    Cybersecurity experts say Baltimore is playing with fire as a deadline to pay thousands of dollars in ransom to hackers holding several of the city's servers hostage has come and gone...

    'What's frustrating with Baltimore is that it's been quite a long time since the infection,' Daniel Tobok, CEO of Cytelligence, told Fox News. 'If they aren't fully operational by now, why are they still playing with this?'...

    Tobok, whose company has helped 500 municipalities hit by ransomware attacks, says while he doesn't necessarily advocate paying off cyber crooks, he believes that in some instances 'you don't have a choice, you have to make a business decision.'

    He also warns that if Baltimore keeps stalling, the outcome could be devastating...

    'Baltimore is playing with time,' he said. 'They are going to come to a point where they have two choices - A. The (ransom demands) are going to skyrocket or B. The hackers will shut down the account they have been using and move out.'

    If that happens, any communication or hope of restoring data could be out the window, Tobok said..."

    https://www.foxnews.com/tech/cybers...more-to-stop-playing-with-ransomeware-attacks
     
  25. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    73,017
    Location:
    Texas
    2018 was 'a bad year' for ransomware, but so far 2019 is no better
     