Ransomware Attack Kidnaps Austrian City

Published at: May 31, 2020

The malware group NetWalker launched a ransomware attack against the Austrian village of Weiz. The attack affected the public service system, and some of the data stolen from building applications and inspections was leaked.

According to the cybersecurity firm Panda Security, hackers managed to penetrate the village's public network through phishing emails related to the COVID-19 crisis.

COVID-19 as bait to deploy the ransomware

The subject of the emails, "information about the coronavirus," was used to bait employees of Weiz's public infrastructure into clicking on malicious links, thus triggering the ransomware.

Panda Security claims that the ransomware used in the attack is a relatively new version of a ransomware family that spreads using VBScripts. If the infection is successful, it spreads throughout the entire Windows network to which the infected machine is connected.

The report details that the ransomware terminates processes and services under Windows, encrypts files on all available disks, and eliminates backups.

Location of various big companies in Austria

Weiz is a small village that is considered the economic center of the Oststeiermark region, located a few kilometers from the city of Graz.

It is also the place where several big companies, like automaker Magna and construction companies Strobl Construction and Lieb-Bau-Weiz, have established their production plants. This may indicate that the attack was not random, but instead directed at a specific objective.

The NetWalker group recently carried out several attacks targeting the healthcare sector across the globe.

Cointelegraph Spanish reported an attack on March 25 that was perpetrated against hospitals in Spain. This attack also used phishing emails to deploy ransomware to targeted systems.
