X-Industry

A newly identified group of financially motivated hackers, likely based in a Russian-speaking country, has been running high-volume phishing, ransomware, and extortion campaigns in the United States, Germany, and many other countries for the last four years, using the Clop ransomware and various backdoors in their operations.

Researchers at Mandiant have been tracking the group since 2016 and have responded to a number of intrusions in which the group, known as FIN11, has used initial access to

A new ransomware has emerged online threatening Android security.  This new malware triggers on an infected phone as soon as the victim presses the Home key. Researchers at Microsoft are warning about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note.

The findings concern a variant of a known Android ransomware family called, "MalLocker.B" which has resurfaced with new techniques.  This malware

A US digital marketing provider has exposed almost three million records containing personally identifiable information (PII) after another cloud configuration mistake.  The privacy snafu at Friendemic, whose main clients are reportedly US car dealerships, was discovered by researchers at Comparitech.  As is usual in these cases, the unencrypted data was left exposed to the public Internet with no password or authentication required to access it.  Research earlier this year found that misconfigu

Throughout the USA, State and County election computer networks are still vulnerable to cyber-attacks and Election Day is only 29 days.  In a little-noticed episode in 2016, an unusual number of voters in Riverside, California, complained that they were turned away at the polls during the primary because their voter registration information had been changed.

The Riverside County district attorney, Mike Hestrin, investigated and determined that the voter records of dozens of people had been tampe

The popularity of ransomware threats does not seem to be decreasing. Instead, more and sophisticated ransomware threats are being deployed. Ragnar Locker is a new data encryption malware in this style. 

The actors behind Ragnar Locker partnered with the Maze ransomware gang as a means of extorting victims whose unencrypted data they had stolen.  This continued cooperation between ransomware gangs is a dangerous development.  The sharing of advice. Tactics and a centralized data leak platform bet

French container shipping company CMA CGM was hit by a major cyber-attack on 27 September 2020, which disrupted its daily operations.  According to Lloyd’s of London Intelligence sources, several of the company’s Chinese offices were affected by Ragnar Locker ransomware.   CMA CGM initially claimed that their booking system was disabled by an internal IT issue, but later confirmed “external access to CMA CGM IT applications are currently unavailable” after the ransomware attack.

CMA CGM is worki

A new cybercriminal group called OldGremlin has been targeting Russian companies including banks, industrial enterprises and medical firms with ransomware attacks.

Researchers have said that OldGremlin’s first activities began between late March and early April 2020.  The group took advantage of the COVID-19 pandemic in early lures (a common theme for ransomware strains during this time period, sending financial institutions purported recommendations on how to organize a safe working environment

The back-to-school season has already been stressful for schools and families. Now a spate of ransomware attacks targeting K-12 schools has made it even more challenging.  In May 2020, the FBI warned schools about the increasing risk of ransomware attacks during the pandemic. The agency warned that cyber actors would likely increase targeting of K-12 schools as an "opportunistic target" as more institutions shift from in-person learning to online classes and teachers and staff rely on remote ac

What will happen if the November 2020 election results are tampered, blocked or disappear?  Both parties will cry foul and blame the other party.  Will the voters every really know the final results and how long could it possibly take for both national parties to agree upon an outcome?  The blame may need to be placed with the hackers and ransomware criminals who have been attacking governments, businesses, and organizations with no let-up in sight.  State and local governments and their agencie

Ransomware is here to stay.  Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) report that there is no end in sight.  There are many versions of ransomware in use and group and nations behind the extortion attempts.  These cyber actors are motivated by money.  Ransomware can be described simply as a type of malware from crypto virology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.  While some simple ransomware

A recent survey result of 3,200 people in 524 organizations that suffered data breaches is a bit of a mixed bag.  Ponemon's, "Cost of a Data Breach Report 2020" (commissioned by IBM), reveals that despite an apparent decline in the average cost of a data breach from $3.92 million in 2019 to $3.86 million this year the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.  Ponemon's analysis of

Carnival Corporation & PLC is the largest cruise line operator in the world.  In 2019, Carnival pulled in a record revenue of $20.8 billion.  Even with the troubles of 2020, this makes them a significant target for attackers looking to earn a profit. On 15 August 2020, Carnival Corp & PLC detected a ransomware attack that encrypted a portion of one brand’s IT systems.  Attackers not only encrypted the data, but also downloaded certain files indicating some data was stolen. In their SEC filings,

Small and Medium (SMB) sized businesses are facing a growing number of ransomware threats as the programs needed to launch such attacks become more widespread and easier to use.  Also known as the “fast food franchise of cybercrime,” Ransomware-as-a-Service (RaaS) enables even low-level and inexperienced hackers to purchase a ready-made solution for attacking small and medium-sized businesses.[1]

The malicious group named Dharma as one of the most popular offerings around, explaining it provides

New samples of the Ekans ransomware have revealed how today's cyber attackers are using a variety of methods to compromise key industrial companies.  Researchers from our friends at FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems.[1] 

Ekans, which is also referred to as Snake[2], was first identified in February 2020 and early reports indicated that it had been desi

Maze ransomware is a complex piece of malware that uses some tricks to frustrate analysis right from the beginning. The malware starts preparing some functions that appear to save memory addresses in global variables to use later in dynamic calls though it does not actually use these functions later. The operators of the Maze ransomware have published tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts.

The hackers leake

A new strain of ransomware has arisen in Canada, targeting Android users, and locking up personal photos and videos. Named CryCryptor by cyber threat investigators, it has initially been spotted pretending to be the official COVID-19 tracing app provided by Health Canada.  It is propagating via two different bogus websites that pretend to be official.   According to ESET researchers, one called tracershield[dot]ca.  Like other ransomware families, it encrypts targeted files.  But, instead of sim

On June 23, 2020, the US Federal Bureau of Investigation sent out a security alert to K-12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, especially about ransomware gangs that abuse remote desktop connections to break into school systems.

The alert, called a Private Industry Notification, or PIN, tells schools that "cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic targe

Ransomware-as-a-Service (RaaS) is increasing around the world due to the ease of use, and the increasing success that attackers are having in their cyber-attacks. Recently, researchers have observed an increase in the use of a specific piece of malware known as Thanos ransomware.  This malware is unique in that it is the first to advertise the use of the RIPlace tactic.  This tactic allows attackers to evade detection by altering files without being detected by common Anti-Virus engines such as

Ransomware is unfortunately is the new normal for businesses of all segments and sizes and this malware is multiplying quickly.  More than two-dozen US organizations were attacked in recent days by a known threat group attempting to deploy a dangerous new strain of ransomware called WastedLocker.

Had the attacks succeeded, they could have resulted in millions of dollars in damages to the organizations and potentially had a major impact on supply chains in the US, Symantec said in a report on 26

There will be no let-up in ransomware attacks, as it has proven to such a profitable business model of cybercriminals.  The cybersecurity landscape is evolving, and many businesses do not understand how to keep their defenses ahead of the attackers.  While major corporations can spend as much as $1 billion a year, many small companies may not have the budget to hire a cybersecurity vendor to help them keep up with all the technology available needed to deter hackers.  The loss of just a few thou