Cyber threat analysts recently uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques and an updated method for downloading its payload, and that makes minor changes to the integration of its components. TrickBot is a module-based malware that, while first identified as a banking trojan, has gradually extended its functions to include collecting credentials from a victim’s emails, browsers and installed network apps. The malware has also evolved to send sp
ransomware (367)
Ransomware actors have been preying on small governments because they are an easy payday. Small governments have limited cyber threat resources and face demands from their citizens to bring back vital services immediately. City leaders want to get their services back up and running quickly, as voters have long memories. Because it is cheaper than going completely offline, city and county governments often pay the ransom, especially if insurance companies pay the demanded amount or honor
A new ransomware strain called PXJ ransomware (also known as XVFXGW ransomware) was first discovered in late February 2020.[1] Half of the known samples were uploaded from Korea, and it uses a Korean website for a C2, showing predominantly Asian targeting.
Details
The earliest PXJ ransomware sample is from 24 February 2020. It received its name from the .pxj extension that it adds to the files it encrypts. Its alternative name, XVFXGW, refers to the strings in two contact emails (xvfxgw3929@pr
Ransomware as a Service (RaaS) has a nice ring to its name, yet it spells big trouble for businesses and governments alike. Targeted ransomware attacks are likely to increase in 2020 as RaaS continues to evolve into an even more profitable business model for cyber criminals. This is one of the opinions expressed by numerous cyber security experts interviewed at RSA 2020.[1] Dark web researchers are noticing a spike in demand for RaaS applications in hacker forums. The ease of availability
A Massachusetts utility company power station was attacked by ransomware recently, and the company refused to meet attackers' ransom payment demands. The Reading Municipal Light Department (RMLD) was targeted on 21 February 2020 by cyber-criminals trying to extort money by encrypting data in the station's computer system. Unfortunately for them, management opted to hire an outside cyber threat consultant to help them deal with the ransomware infection instead of paying for the return of their
Artificial Intelligence (AI) has been viewed as the right answer to all our questions for the past few years. AI, like a lot of technology, can be used for both Good and Evil. This article explores how AI is being used on both sides of the fight.
Link to the full report: TR-20-054-001_AI hazards.pdf
Does your company have $50 million to spare? That is how much a ransomware attack cost Norsk Hydro in the first quarter of 2019. A total of 22,000 computers had their files forcibly encrypted across 40 countries in which the aluminum producer operates. Employees were using typewriters and manual production lines where possible to operate the business. Norsk Hydro did not pay the hackers’ ransom and was completely honest about what happened. Its approach was praised by both law enforcement and