ransom (14)

Is nothing sacred?  Criminal hackers have reached a new low.  The Municipality of Korneuburg in Austria said it was hit by a ransomware attack, leading to funerals reportedly being canceled and the town hall informing residents its staff can only be reached via telephone.  The small town on the banks of the Danube a few kilometers north of Vienna has a population of under 13,000 people.  In a statement on the municipality’s website, the town hall said its technical department was “working hard t

A new information stealer named ExelaStealer has become the latest one to become available to the hacker audience.  There are many choices available for off-the-shelf malware designed to capture sensitive data from compromised Windows systems.  ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor creator.

Written in Python and incorporating support for JavaScript, it comes fitted with capabilities to siphon passwords, Discord tokens, credit c

Many people have wondered what the YKK labeled zipper on their jeans and jackets really meant.  Well, hackers sure knew what YKK stood for: lots of ransom money. Japanese zipper giant YKK confirmed that its US operations were targeted by hackers in recent weeks but said it was able to contain the threat before damage was caused.

The Tokyo-based corporation would not say if it was hit with ransomware, but a spokesperson reported that once YKK discovered that its US-based networks were targeted, t

Italian sports car maker Ferrari reported on 19 March that a threat actor had demanded a ransom related to customer contact details that may have been exposed in a ransomware attack.  “Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm,” the iconic car maker said.  “In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.”

The company did n

A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades.  ION Group, the financial data firm's parent company, said in a statement on its website that the attack began last week.  "The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Group said.  Ransomware is a form of malicious software deployed by criminal gangs which works by encry

Red Sky Alliance has been supporting cyber security prevention for years.  Prevention works and needs to be employed in all cyber defenses.  Cyber-attacks know no boundaries.  They happen everywhere – even in Africa.  Companies are confronted with the increasingly difficult task of safeguarding their expanded digital estate against rising cyber threats. Previously, they'd implement security processes based on the physical network boundary, which was limited to their official premises.

Following t

The US Justice Department announced on 19 July 2022 through a complaint filed in the US District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments.  In May 2022, the Federal Bureau of Investigation (FBI) filed a sealed seizure warrant for the funds worth approximately half a million dollars.  The seized funds include ransoms paid by health care providers in Kansas and Colorado.  “Thanks to rapid reporting and cooperation

Ransomware has been a cyber security issue for the past several years and arguably hit its peak with the Colonial Pipeline ransomware attack.  Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or files stored on computers until they pay a ransom to cybercriminals.

Ransomware typically operates via the cryptovirology methods or using cryptography (encryption) to design powerful malicious software.  The software then uses sym

When a business, government agency or any other organization gets hit by ransomware and opts to pay a ransom to its attacker in exchange for a decryption key or some other promise, on average it pays $140,000.  This is the average amount disclosed by ransomware incident response firm Coveware, based on thousands of incidents it investigated from July through August 2021.

In a new report detailing Q3 trends, Coveware says that the average ransom payment remained largely steady, compared to Q2, wh

At a time when ever escalating ransomware campaigns are making international headlines, it is interesting to see cyber adversaries demanding ransom before launching an attack.  The bad actors are now using marketing techniques to better message their crimes.  Researchers at ProofPoint explain a new and improved DDoS attack demonstrates how bad actors are consistently seeking more means of achieving their goals.  "DDoS attacks have become increasingly easier to launch and have a potentially subst

The decision to pay the ransom demanded by the cybercriminal group was to avoid any further issues or potential problems for its customers, according to the company’s CEO.  JBS Foods paid the equivalent of $11 million in ransom after a cyber-attack that forced the company to shut down some operations in the United States and Australia over the Memorial Day weekend.

The company made the payment to cybercriminals to ensure the protection of its data and mitigate any further damage to its customers

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give their ransom generated money back.  BleepingComputer says that it appears that this is a planned move since the admin shared the "good news" a little over a week ago but gave no details.  Ziggy ransomware ceased operations in early February.  In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all

Previously, Red Sky Alliance reported on Fancy Bear imposters demanding Bitcoin ransom from a Florida election information website.  These actors send various ransom/scam demands using coronavirus-themed domains covidpapers[.]org and coronaxy[.]com.  In some cases, they threaten with exposure of allegedly hacked personal files, in other cases, with DDoS attack.  They often claim to be Russian government hackers, pretending to be Fancy Bear, Cozy Bear, or Venomous Bear.   Their ransom emails typi

Red Sky Alliance analysts detected Fancy Bear impersonators targeting a US county election information website. Their DDoS ransom note claims they will take the site down one day before the election if not paid in Bitcoin. This year we see an uptick of similar impersonation emails claiming to be from Fancy Bear, Lazarus Group, or Armada Collective hackers.


Details: Florida Vote Case

Election support infrastructure being vulnerable to ransomware attacks is widely discussed.  But sites going dow