
How ransomware gangs are connected, sharing resources and tactics

Many of us who read the news daily encounter a regular drum beat of ransomware stories that are both worrying and heartbreaking. And what many of us don’t realize is that they are often interconnected. Some of the gangs behind the ransomware campaigns that we read about have established a relationship among each other that can be described as “being in league with each other”, yet they lack … [Read more...]

A week in security (March 29 – April 4)

Last week on Malwarebytes Labs, our podcast featured Malwarebytes senior security researcher JP Taggart, who talked to us about why you need to trust your VPN. You’ve likely heard the benefits of using a VPN: You can watch TV shows restricted to certain countries, you can encrypt your web traffic on public WiFi networks, and, importantly, you can obscure your Internet activity from … [Read more...]

PYSA, the ransomware attacking schools

The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, read on. What is PYSA ransomware? Home page image of the PYSA data leak site (Courtesy of … [Read more...]

HelloKitty: When Cyberpunk met cy-purr-crime

On February 9, after discovering a compromise, CD Projekt Red (CDPR) announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems (and made it clear they would not yield to the demands of the threat actors, nor negotiate). Cyberpunk 2077, the latest game released by CD Projekt Red and once hailed as the “most anticipated game of the decade”, … [Read more...]

FBI warns of increase in PYSA ransomware attacks targeting education

On March 16, the Federal Bureau of Investigation (FBI) issued a “Flash” alert on PYSA ransomware after an uptick in attacks this month against institutions in the education sector, particularly higher ed, K-12, and seminaries. According to the alert [PDF], the United Kingdom and 12 states in the US have already been affected by this ransomware family. #FBI reporting notes a recent … [Read more...]

The Malwarebytes 2021 State of Malware report: Lock and Code S02E04

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we tune in to a special presentation from Adam Kujawa about the 2021 State of Malware report, which analyzed the top cybercrime goals of 2020 amidst the global pandemic. If you just pay attention to the numbers from last year, you might get the wrong idea. After all, malware detections … [Read more...]

Ransomware is targeting vulnerable Microsoft Exchange servers

The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Until now, the name of the game has been compromise and data exfiltration, with a bit of cryptomining on the side. To summarise: In ten days we’ve gone from “limited and targeted attacks” by a nation-state … [Read more...]

REvil ransomware’s calling, and it’s not good news

The REvil ransomware (AKA Sodinokibi, which operates as a Ransomware as a Service) is adopting some outreach techniques after initial compromise, designed to shame victims into paying up. Shaming victims into action Malware authors and social engineers have relied on shame and the threat of exposure for years. Nothing encourages potential victims to pay up like a solid threat. This isn’t … [Read more...]

Clop targets execs, ransomware tactics get another new twist

Ransomware peddlers have come up with yet another devious twist on the recent trend for data exfiltration. After interviewing several victims of the Clop ransomware, ZDNet discovered that its operators appear to be systematically targeting the workstations of executives. After all, the top managers are more likely to have sensitive information on their machines. If this tactic works, and it … [Read more...]