Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    City Of Galt Targeted In Ransomware Attack
    December 17, 2019
    https://sacramento.cbslocal.com/2019/12/17/galt-ransomware-hackers-attack/
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    ScreenConnect MSP Software Used to Install Zeppelin Ransomware
    December 18, 2019
    https://www.bleepingcomputer.com/ne...software-used-to-install-zeppelin-ransomware/
    Morphisec: ConnectWise Control Abused Again to Deliver Zeppelin Ransomware
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Prairie insurance and financial brokerage failed to disclose ransomware attack
    Andrew Agencies says breach 'dealt with' after hackers list it as victim
    December 18, 2019

    https://www.cbc.ca/news/technology/andrew-agencies-ransomware-1.5400101?cmp=rss
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,904
    Location:
    U.S.A.
    The hideous part of this attack is the attacker legit installed remote connection management client software is using TCP port 3460 for communication. So any stateful firewall not monitoring all outbound traffic can be bypassed. Assumed is most if not all AVs are not going to detect the installation. Of note is all cmd.exe and PowerShell activity is initiated and run within the legit ScreenConnect software. Another example that once a network is compromised allowing for external access, anything is possible.
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world
    In December 1989 the world was introduced to the first ever ransomware - and 30 years later ransomware attacks are now at crisis levels
    December 19, 2019

    https://www.zdnet.com/article/30-ye...ations-for-the-malware-taking-over-the-world/
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,951
    Location:
    Here
    How ransomware spreads: 9 most common infection methods and how to stop them
    https://blog.emsisoft.com/en/35083/...ommon-infection-methods-and-how-to-stop-them/
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    The Week in Ransomware - December 20th 2019 - Attacks Everywhere
    December 20, 2019
    https://www.bleepingcomputer.com/ne...omware-december-20th-2019-attacks-everywhere/
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    FBI Issues Alert For LockerGoga and MegaCortex Ransomware
    December 23, 2019
    https://www.bleepingcomputer.com/ne...ert-for-lockergoga-and-megacortex-ransomware/
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Truckstop.com struck by malware attack
    December 23, 2019
    https://landline.media/truckstop-com-struck-by-malware-attack/
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Sherwood telemarketing company temporarily shuts down, blames cyber attack ransom
    December 24, 2019
    https://katv.com/news/local/sherwoo...orarily-shuts-down-blames-cyber-attack-ransom
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Andrew Agencies investigates extensive cyberattack
    Incident becomes public following CBC story appearing almost two months after attack
    December 23, 2019
    https://www.weyburnreview.com/andrew-agencies-investigates-extensive-cyberattack-1.24041305
    Andrew Agencies: Andrew Agencies Ltd. – December 19, 2019 Re: Ransomware incident
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    New York comptroller warns Haverstraw that town's computers are vulnerable to ransomware
    December 24, 2019
    https://eu.lohud.com/story/news/loc...mptroller-town-haverstraw-malware/2732523001/
     
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,640
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Computers from Maastricht University hostage to destructive pc software
    December 24, 2019
    https://ourbitcoinnews.com/computers-from-maastricht-university-hostage-to-malicious-software/
     
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,640
    From their website in English:
    https://www.maastrichtuniversity.nl/news/cyber-attack-against-um

     
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Ryuk Ransomware Stops Encrypting Linux Folders
    December 26, 2019
    https://www.bleepingcomputer.com/news/security/ryuk-ransomware-stops-encrypting-linux-folders/
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,951
    Location:
    Here
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Town continues to recover from cyberattack
    December 22, 2019
    https://www.ricentral.com/east_gree...cle_4768aa82-2535-11ea-b7a7-1bdc21ed1939.html
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    The Epidemic Analysis of Ransomware in November 2019
    December 27, 2019
    https://blog.360totalsecurity.com/en/the-epidemic-analysis-of-ransomware-in-november-2019/
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility
    December 27, 2019
    https://www.bleepingcomputer.com/ne...-ryuk-ransomware-took-down-maritime-facility/
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Ransomware at IT Services Provider Synoptek
    December 27, 2019
    https://krebsonsecurity.com/2019/12/ransomware-at-it-services-provider-synoptek/
     
  22. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,640
    The following site has articles both in Dutch and in English.
    "UM has been in contact with cybercriminals"
    https://www.observantonline.nl/Engl...82/UM-has-been-in-contact-with-cybercriminals

     
  23. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,640
    Article in Dutch by national broadcaster NOS - 30 Dec 2019:
    https://nos.nl/artikel/2316708-door...universiteit-maastricht-snel-weer-online.html

    Among other things the article says:
    - Experts from Fox-IT (among others) are investigating it.
    - The local newspaper "De Limburger" is saying: it had contact with Vitali Kremez in New York and he is saying that probably the Russian group TA505 is behind this. (note by me: whether that will be proven, time will tell (or not)...).
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Firm being blackmailed by hackers for $6m obtains Irish court injunction
    Irish-registered company is allegedly linked to a website publishing confidential data
    December 31, 2019

    https://www.irishtimes.com/news/cri...r-6m-obtains-irish-court-injunction-1.4128069
     
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,500
    Truckstop.com is back up and running
    December 31, 2019
    https://landline.media/truckstop-com-is-back-up-and-running/
     