ransomware (55)

There will be no let-up in ransomware attacks, as it has proven to be such a profitable business model for cybercriminals.  The cybersecurity landscape is evolving, and many businesses do not understand how to keep their defenses ahead of the attackers.  While major corporations can spend as much as $1 billion a year, many small companies may not have the budget to hire a cybersecurity vendor to help them keep up with all the available technology needed to deter hackers.  The loss of just a few thou

2020, a year that will be remembered for many reasons.  Stories will be told to children and grandchildren of when we all had to wear face masks, stand 6 feet apart, there were no sports, and where people were not permitted to hug or shake hands.  Then there was the next economic collapse and subsequent worldwide insurrection.  For those who hunt cybercriminals and attempt to expose criminal and state-sponsored hacking operations and techniques, the blurring of the lines between what constitutes

Maze Ransomware, previously known in the hacker community as “ChaCha Ransomware,” was discovered on 29 May 2020 by Jerome Segura, a malware intelligence officer.  The main goal of ransomware is to encrypt all files in an infected system and subsequently demand a ransom to recover the files.  The threat actor who took credit for compromising an insurance giant seems to continue its attacking spree with full intensity.  It is currently targeting the aerospace sector, specifically mainten

Like any profitable business model, ransomware gangs continue to innovate and increase their business.  Recently, reports have emerged of a collaboration between the Maze and Lockbit gangs, and of the REvil (aka Sodinokibi) operators not leaking stolen data for free when victims do not pay, but instead auctioning it off to the highest bidder.

Here are some of the latest ransomware trends noted by cyber analysts: IR-20-164-002_Ransomware Trends.pdf

As cyberattacks rise, so does the call by business leaders and shareholders to be ready to respond to a cyber incident.  Cyber insurance and a solid Incident Response plan are two critical components to make your company resilient.

Cyber attorney Shawn Tuma says one of these things is likely to influence the other, which surprises many organizations and may surprise you.  Tuma is Co-Chair of the Data Privacy and Cybersecurity Practice at law firm Spencer Fane, www.spencerfane.com.

Tuma explains

Several private cyber security research firms, along with the US Department of Justice, Federal Bureau of Investigation (FBI), are sharing an important warning report on a new ransomware campaign.  As of March 2020, authorities received notification that the ransomware variant ProLock had infected multiple organizations in the US, including healthcare organizations, government entities, financial institutions, and retail organizations.  ProLock was previously released as ‘PwndLock ransomware’ in

Even the largest companies can become victims of ransomware attacks when attackers target supply chain members. A third-party ransomware attack has led to documents from Boeing, Lockheed Martin, SpaceX, and Tesla being published for the world to see. These "high end" ransomware demands are now being called "nuclear" ransomware.

The attack hit Visser, a manufacturing and design contractor for several prominent aerospace and defense companies. Here is how things unfolded, according to The Register: "The data was pilf

Our friends at the FBI issued a cyber bulletin on 04 01 2020.  This was no April Fool's joke, but a serious cyber warning on the Sodinokibi Ransomware (pic: tgsoft.it), also known as REvil, Bluebackground, or Sodin.  Red Sky Alliance / Wapack Labs was already researching this ransomware.  Last week, Jesse Burke, our Chief of Special Operations, provided a brief on Sodinokibi Ransomware.  Look to your right (Did you miss the March Cyber Intelligence Briefing (CIB). Topics: Coronavirus Lures and Bu

Cyber threat analysts recently uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques, an updated method for downloading its payload, and minor changes to the integration of its components.  TrickBot is a module-based malware that, while first identified as a banking trojan, has gradually extended its functions to include collecting credentials from a victim’s emails, browsers and installed network apps.  The malware has also evolved to send sp

Ransomware actors have been preying on small governments, because it is an easy payday.  Small governments have limited cyber threat resources and face demands from their citizens to bring back vital services immediately.  City leaders want to get their services back in operation and running quickly, as voters have long memories.  Because it is cheaper than going completely offline, city and county governments often pay the ransom, especially if insurance companies pay the demanded amount or honor

A new ransomware strain called PXJ ransomware (also known as XVFXGW ransomware) was first discovered in late February 2020.[1]  Half of the known samples were uploaded from Korea, and it uses a Korean website for a C2, showing predominantly Asian targeting.

Details

The earliest PXJ ransomware sample is from 24 February 2020.  It received its name from the .pxj extension that it adds to the files it encrypts.  Its alternative name, XVFXGW, refers to the strings in two contact emails (xvfxgw3929@pr

Ransomware as a Service (RaaS) has a nice ring to its name, yet it spells big trouble for businesses and governments alike.  Targeted ransomware attacks are likely to increase in 2020 as RaaS continues to evolve into an even more profitable business model for cyber criminals.  This is one of the opinions expressed by numerous cyber security experts interviewed at RSA 2020.[1]  Dark web researchers are noticing a spike in demand for RaaS applications in hacker forums.  The ease of availability

A Massachusetts utility company power station was attacked by ransomware recently, and the company refused to meet attackers' ransom payment demands.  The Reading Municipal Light Department (RMLD) was targeted on 21 February 2020 by cyber-criminals trying to extort money by encrypting data in the station's computer system.  Unfortunately for them, management opted to hire an outside cyber threat consultant to help them deal with the ransomware infection instead of paying for the return of their

Does your company have $50 million to spare? That is how much a ransomware attack cost Norsk Hydro in the first quarter of 2019.  A total of 22,000 computers had their files forcibly encrypted across 40 countries in which the aluminum producer operates. Employees were using typewriters and manual production lines where possible to operate the business.  Norsk Hydro did not pay the hackers’ ransom and was completely honest about what happened. Its approach was praised by both law enforcement and