Sodinokibi ransomware gang auctions off stolen data

Is it legal to buy stolen data from criminals? In most countries the answer would be no. But will it lead to a penalty or a fine? That is a different question and I’m afraid some companies and organizations will be inclined to seriously consider the last question even when they know the answer to the first one. Maybe we can at least agree that it is not ethical or recommended. Why are we asking … [Read more...]

Threat spotlight: RobbinHood ransomware takes the driver’s seat

Despite their name, the RobbinHood cybercriminal gang is not stealing from the rich to give to the poor. Instead, these ransomware developers are more like big game hunters—attacking enterprise organizations and critical infrastructure and keeping all the spoils for themselves. In 2019, the RobbinHood ransomware creators successfully attacked and received ransom payouts from the cities of … [Read more...]

Tampa Bay Times hit with Ryuk ransomware attack

Florida newspaper The Tampa Bay Times suffered a Ryuk ransomware attack Thursday, making it the latest major victim of the notorious ransomware family that continues to rise in popularity. Curiously, the paper is at least the third Florida-based Ryuk victim in the past year. The attack, which The Tampa Bay Times reported on itself, did not result in any breached data. Sensitive customer … [Read more...]

Ransomware continues assault against cities and businesses

Ransomware continues to make waves in the US, forcing multiple cities and organizations into tough choices. Pressed for cash and time, local government organizations are left with few options: Either pay the ransom as soon as possible and encourage criminals to continue bringing essential services to their knees, or refuse and be left with a massive cleanup bill. When a $50,000 ransom becomes … [Read more...]

Radiohead’s ransom response shows novel approach for ransomware victims

Last week, British rock band Radiohead thwarted an attempted digital ransom, in which unnamed hackers stole roughly 18 hours of unreleased music dating back to the band’s recording of its studio album OK, Computer, revealing some less-than-ok computer security (sorry). Instead of paying a ransom to keep the music secret, Radiohead released the files themselves, giving listeners a chance to … [Read more...]

MegaCortex continues trend of targeted ransomware attacks

MegaCortex is a relatively new ransomware family that continues the 2019 trend of threat actors developing ransomware specifically for targeted attacks on enterprises. While GandCrab apparently shut its doors, several other bespoke, artisanal ransomware families have taken its place, including RobinHood, which shut down the city of Baltimore, Troldesh, and CrySIS/Dharma. Detected by … [Read more...]

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006. We have noticed that this ransomware has become increasingly active lately, increasing by a margin of 148 percent from February until April 2019. The uptick in detections may be due to CrySIS’ effective use of multiple attack vectors. Profile of the CrySIS ransomware: CrySIS/Dharma, which Malwarebytes … [Read more...]

A week in security (January 7 – 13)

Last week on the Malwarebytes Labs blog, we took a look at the Ryuk ransomware attack causing trouble over the holidays, as well as a ransom threat for an Irish transportation company. We explored the realm of SSN scams, and looked at what happens when an early warning system is attacked. Other cybersecurity news: Password reuse problems. Multiple Reddit accounts reported being locked out after … [Read more...]

Luas data ransom: the hacker who cried wolf?

In a terrible start to the year for Irish tram firm Luas, their site was compromised a week ago and adorned with a stark ransom warning: You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button. You must pay one bitcoin in five days. Otherwise I will publish all data and send emails to … [Read more...]

Ryuk ransomware attacks businesses over the holidays

While families gathered for food and merriment on Christmas Eve, most businesses slumbered. Nothing was stirring, not even a mouse—or so they thought. For those at Tribune Publishing and Data Resolution, however, a silent attack was slowly spreading through their networks, encrypting data and halting operations. And this attack was from a fairly new ransomware family called Ryuk. Ryuk, which made … [Read more...]