Tag: ransomware

This major criminal hacking group just switched to ransomware attacks

By iwano@_84

A widespread hacking operation that has been targeting organisations around the world with a phishing and malware campaign active since 2016 has now switched to ransomware attacks, reflecting how successful ransomware has become as a money-making tool for cyber criminals.

Dubbed FIN11, the campaign has been detailed by cybersecurity researchers at FireEye Mandiant, who describe the hackers as a ‘well-established financial crime group’ which has conducted some of the longest running hacking campaigns.

The group started by focusing attacks on banks, retailers and restaurants but has grown to indiscriminately target a wide range of sectors in different locations around the world, sending thousands of phishing emails out and simultaneously conducting attacks against several organisations at any one time.

For example, in just one week, Mandiant observed concurrent campaigns targeting pharmaceuticals, shipping and logistics industries in both North America and Europe.

But despite attacks targeting a wide variety of


Ransomware operators now outsource network access exploits to speed up attacks

By iwano@_84

Ransomware operators are now turning to network access sellers in their droves to cut out a difficult step in the infection process. 

On Monday, Accenture’s Cyber Threat Intelligence (CTI) team released new research on emerging cybersecurity trends, including an investigation into the nature of relationships between ransomware operators and exploit sellers. 

According to Accenture senior security analysts Thomas Willkan and Paul Mansfield, buying network access points and already compromised ways to infiltrate a target system is rising in popularity, including the purchase of stolen credentials and vulnerabilities.

During attacks, ransomware operators must first find an entry point into a network. Compromised employee accounts, misconfigurations in public-facing systems, and vulnerable endpoints may all be used to deploy this particular family of malicious code, leading to the encryption of files and disks, and a demand for payment in return for a decryption key.


Software AG Hit by Data-Stealing Ransomware Attack

By iwano@_84

A major German enterprise software company has become the latest tech name to suffer a likely ransomware attack featuring information theft.

IoT specialist Software AG, which claims to have over 10,000 customers and annual revenue exceeding €800m, revealed the news in a brief update late last week.

The note claimed the attack had been ongoing since Monday and had yet to be fully contained.

“Today, Software AG has obtained first evidence that data was downloaded from Software AG’s servers and employee notebooks. There are still no indications for services to the customers, including the cloud-based services, being disrupted. The company is refining its operations and internal processes continuously,” it explained on October 8.

“Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as


German tech giant Software AG down after ransomware attack

By iwano@_84


Software AG, one of the largest software companies in the world, has suffered a ransomware attack over the last weekend, and the company has not yet fully recovered from the incident.

A ransomware gang going by the name of “Clop” breached the company’s internal network on Saturday, October 3, encrypted files, and asked for more than $20 million to provide the decryption key.

Earlier today, after negotiations failed, the Clop gang published screenshots of the company’s data on a website the hackers operate on the dark web (a so-called leak site).

The screenshots show employee passport and ID scans, employee emails, financial documents, and directories from the company’s internal network.


Software AG disclosed the incident on Monday when it revealed it was facing disruptions on its internal network “due to [a] malware attack.”

The company said that services to customers, including its cloud-based services,


COVID-19 clinical trials hit as ransomware targets medical software company

By iwano@_84

Clinical trials into a COVID-19 vaccine as well as research into other diseases have been delayed following a ransomware attack on a company that provides software to medical firms.

First reported Saturday by The New York Times, the attack targeted eResearchTechnology Inc., a Philadelphia-based company that specializes in clinical software. The attack is said to have been detected two weeks ago when employees discovered they were locked out of their data by ransomware.

As a result of the ransomware attack, companies using ERT’s software were also affected. Among those were IQVIA Inc., a research organization helping manage AstraZeneca plc’s coronavirus vaccine trial, and Bristol Myers Squibb Co., a drug company leading a consortium of companies developing a quick COVID-19 test.

Clinical trial patients were not affected, but researchers were forced to resort to pen and paper to track patients.

How many companies and health organizations have been affected is unknown.


Northern California casino shut down by external computer attack, may be ransomware

By iwano@_84

Northern California’s Cache Creek Casino Resort, which has been shut down since Sept. 20 because of what it called a “systems infrastructure failure,” confirmed Wednesday that its computer systems were the target of an outside attack and that the incident is under investigation.

“While our investigation is ongoing, we have confirmed the cause was an external attack on our computer network,” the Yocha Dehe Wintun Nation, owners of the casino, said in response to questions from The Sacramento Bee. “The privacy of our guests and employees is our highest priority and we want to make certain they have some peace-of-mind.

“We are working closely with independent experts who regularly investigate incidents of this type to determine any risks to data security. Attacks like these are significant and can take weeks to research thoroughly.

“If it is determined the personal information of guests or employees was exposed, we will notify affected


Computer Systems Fail At Major Hospital System After Ransomware Attack

By iwano@_84

Computers at Universal Health Services facilities — which has more than 400 locations, primarily in the U.S. — began to shut down over the weekend in what is described as one of the largest medical cyberattacks ever.


NBC News:
Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History


A major hospital chain has been hit by what appears to be one of the largest medical cyberattacks in United States history. Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend, and some hospitals have had to resort to filing patient information with pen and paper, according to multiple people familiar with the situation. (Collier, 9/28)


Nevada school district refuses to submit to ransomware blackmail, hacker publishes student data

By iwano@_84

A cybercriminal has published private data belonging to thousands of students following a failed attempt to extort a ransomware payment from a Nevada school district.

Ransomware is a form of malware that can have a devastating impact on businesses and individuals alike. 

Once a ransomware package has landed and executed on a vulnerable system, files are usually encrypted, access to core systems and networks is revoked, and a landing page is thrown up demanding a payment, usually in cryptocurrencies such as Bitcoin (BTC) or Monero (XMR), in return for a decryption key which may or may not work.


Ransomware operators target organizations across every sector in the hopes that the fear of disrupting core operations will pressure victims into paying up. It may not be a valid legal expense, but for


Locked-up computer systems only part of ‘terrifying’ ransomware scourge

By iwano@_84

TORONTO – A shadowy group of cyber criminals that attacked a prominent nursing organization and Canadian Tire store has successfully targeted other companies with clients in governments, health care, insurance and other sectors.

Posts on their NetWalker “blog” indicate the recent infiltration of cloud-services company Accreon and document company Xpertdoc, although only the College of Nurses of Ontario has publicly acknowledged being victimized.

Experts say NetWalker surfaced about a year ago but its attacks took off in March as the criminals exploited fears of COVID and people working remotely. The ransomware, like similar malware, often infiltrates computer networks via phishing emails. Such messages masquerade as genuine, prompting users to provide log-in information or inadvertently download malware.

Earlier ransomware attacks focused on encrypting a target’s files — putting them and even backups out of reach. Increasingly, attackers also threaten to publish data stolen during their “dwell time,” the days or weeks
