Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.
Ransomware Profile: DarkSide
SAC Health System Impacted By Netgain Cyber Incident
May 10, 2021
Volue ASA hit by Ryuk ransomware
QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day
May 14, 2021
The Week in Ransomware - May 14th 2021 - One down, many more to go
May 14, 2021
"The bizarre story of the inventor of ransomware...
The floppy discs were sent to addresses all over the world obtained from a mailing list. Law enforcement traced the effort to a PO box owned by a Harvard-taught evolutionary biologist named Joseph Popp, who was conducting AIDS research at the time.
He was arrested and charged with multiple counts of blackmail, and is widely credited with being the inventor of ransomware, according to security news website CSOnline.com.
'Even to this day, no one really knows why he did this'..."
Insurer AXA hit by ransomware after dropping support for ransom payments
PSA: Threat actors now double encrypting data with multiple ransomware strains
Ransomware victim shows why transparency in attacks matters
Ransomware statistics for 2021: Q1 report
"NZ: Waikato hospitals hit by cyber security incident
Clinical services across all Waikato public hospitals have been seriously affected by a cyber security incident with all phones and computers down.
The DHB said it was experiencing a full outage of its information services.
Resident Doctors Association and Association of Professional and Executive Employees (APEX) national secretary Dr Deborah Powell said it was her understanding the cyberattack was a type of ransomware called "Conti".
She said it appeared to be the same type of attack that targeted Ireland's Department of Health last week.
Clinical services at Waikato, Thames, Tokoroa, Te Kuiti and Taumarunui hospitals are all affected to varying degrees..."
"Tuesday's attack brought the Waikato District Health Board's entire IT network down...
Police were investigating the attack that had affected Waikato testing laboratories, cancer treatments and email, phone and other services.
The crippling attack was also just one among a slew of daily cyber assaults hitting New Zealand's health and hospital network, the Ministry of Health warned..."
"Email attachment believed to have opened door to cyber-attack on Waikato hospitals..."
"Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware
CISA and the Federal Bureau of Investigation (FBI) have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise (IOCs) to help network defenders find and mitigate activity associated with DarkSide ransomware. These IOCs were shared with critical infrastructure partners and network defenders on May 10, 2021.
CISA encourages users and administrators to review AA21-131A for more information."
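The advisory above points defenders at a STIX file of IOCs. As an added example (not CISA's code and not from the original post) of what a defender does with such a file, the block below loads indicator objects from a STIX 2.1 bundle with the standard library only, turns their comparison expressions into lookup tables, and sweeps a few log lines for hits. The bundle, the hash, the domain and the IP addresses are constructed placeholders (documentation ranges and an obviously fake hash), not DarkSide indicators.

```python
"""Load IOCs from a STIX 2.1 bundle and sweep log lines for them.

Added example, not CISA's or the forum poster's code. Standard library
only. The bundle and log lines are constructed; none of the values are
real DarkSide indicators.
"""
import json
import re
from collections import defaultdict

PLACEHOLDER_SHA256 = "0123456789abcdef" * 4  # constructed, not a real sample hash

# Constructed stand-in for the AA21-131A STIX download.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "constructed payload hash", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + PLACEHOLDER_SHA256 + "']",
         "valid_from": "2021-05-10T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "constructed C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.invalid']",
         "valid_from": "2021-05-10T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "name": "constructed C2 addresses", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.7' OR ipv4-addr:value = '198.51.100.9']",
         "valid_from": "2021-05-10T00:00:00Z"},
        # Non-indicator objects (malware, report, relationship) carry no pattern.
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--00000000-0000-4000-8000-000000000005",
         "name": "DarkSide", "is_family": True},
    ],
})

# One STIX comparison expression: <object-path> = '<literal>'
_COMPARISON = re.compile(r"([\w-]+:[\w.'\[\]-]+?)\s*=\s*'([^']+)'")

# STIX object paths we know how to match, mapped to simple IOC types.
_PATH_TO_TYPE = {
    "file:hashes.'sha-256'": "sha256",
    "file:hashes.'md5'": "md5",
    "domain-name:value": "domain",
    "ipv4-addr:value": "ipv4",
    "url:value": "url",
}


def load_iocs(bundle_json):
    """Return {ioc_type: {lowercased value: indicator id}} from a STIX 2.1 bundle."""
    bundle = json.loads(bundle_json)
    iocs = defaultdict(dict)
    for obj in bundle.get("objects", []):
        # Only indicator objects with STIX patterns are usable; skip revoked ones.
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if obj.get("revoked"):
            continue
        for path, value in _COMPARISON.findall(obj["pattern"]):
            ioc_type = _PATH_TO_TYPE.get(path.lower())
            if ioc_type is None:
                continue  # unsupported object path (x509, email-addr, ...): ignore
            iocs[ioc_type][value.lower()] = obj["id"]
    return dict(iocs)


# Constructed proxy/EDR/firewall lines; the second carries the hash in upper case.
SAMPLE_LOGS = [
    "2021-05-12T10:01:02Z proxy src=10.0.0.5 dst=c2.example.invalid:443 action=allow",
    "2021-05-12T10:01:03Z edr host=ws17 event=process_create sha256=" + PLACEHOLDER_SHA256.upper(),
    "2021-05-12T10:02:00Z proxy src=10.0.0.6 dst=updates.example.com:443 action=allow",
    "2021-05-12T10:03:00Z fw src=10.0.0.7 dst=198.51.100.9:443 action=allow",
]

_TOKEN_SPLIT = re.compile(r"[\s=:/,;\"'()\[\]<>]+")


def scan_logs(iocs, lines):
    """Return (line_no, ioc_type, value, indicator_id) for every token that is a known IOC."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for token in _TOKEN_SPLIT.split(line.lower()):
            for ioc_type, table in iocs.items():
                if token in table:
                    hits.append((line_no, ioc_type, token, table[token]))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(load_iocs(SAMPLE_BUNDLE), SAMPLE_LOGS):
        print(hit)
```

Exact-token matching is deliberate: it keeps a short domain or IP from matching inside an unrelated longer string, which is what makes hash and address IOCs low-noise. Domain indicators still need a check for subdomains and URL indicators need the URL itself, which this example does not attempt.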
There's also this https://www.coveware.com/blog/ranso...as-new-software-vulnerability-exploits-abound
But it seems like it's for the Enterprise area, not home users.
"FBI: Conti ransomware attacked 16 US healthcare, first responder orgs
The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year.
In an alert made public Thursday...the FBI said the cybercriminals using the malicious software dubbed 'Conti' have targeted law enforcement, emergency medical services, dispatch centers, and municipalities.
'These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S'..."
The Week in Ransomware - May 21st 2021 - Healthcare under attack
"New Zealand Hospitals Under Prolonged IT Outage From Ransom Hack
Systems are still down a week after a ransomware attack disrupted the IT network of five hospitals in the New Zealand district of Waikato, and concerns remain that private patient information may have been exposed..."
"Audio maker Bose discloses data breach after ransomware attack
Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company's systems in early March.
In a breach notification letter filed with New Hampshire's Office of the Attorney General, Bose said that it 'experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across' its 'environment'...
While investigating the ransomware's attack impact on its network, the audio maker discovered that some of its current and former employees' personal information was accessed by the attackers..."
Evolution of JSWorm ransomware
Ransomware gangs' slow decryptors prompt victims to seek alternatives.
"Mexico walls off national lottery sites after ransomware DDoS threat
Access to Mexico's Lotería Nacional and Pronósticos lottery websites is now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks...
Yesterday, the Avaddon ransomware operation stated that they successfully conducted an attack on 'Pronosticos Deportivo,' where they claim to have stolen data and then encrypted the devices. The ransomware gang also threatened to release more documents and to DDoS the victim's website if negotiations did not begin within 240 hours..."
"New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers
A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.
Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility...
Incident responders at cybersecurity company Sophos discovered the new Epsilon Red ransomware over the past week while investigating an attack at a fairly large U.S. company in the hospitality sector..."
"Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions
Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses...
'A small set of whitelisted applications is granted privileges to write to protected folders,' the researchers said. 'However, whitelisted applications themselves are not protected from being misused by other applications...'...
An attack scenario devised by the researchers revealed that malicious code could be used to control a trusted application like Notepad to perform write operations and encrypt the victim's files stored in the protected folders. To this end, the ransomware reads the files in the folders, encrypts them in memory, and copies them to the system clipboard, following which the ransomware launches Notepad to overwrite the folder contents with the clipboard data..."
A good reason to set UAC to Always notify. Unless you click the OK button when it prompts; then it doesn't help.
"Mass. Steamship Authority Hit by Ransomware Attack; Ferries Delayed
A ransomware attack on the Steamship Authority of Massachusetts hampered operations Wednesday morning.
The largest ferry service to the islands of Martha's Vineyard and Nantucket, the Steamship Authority issued a statement warning that traveling customers may be delayed as a result..."