Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware launched by REvil. According to a public statement, the branches will remain closed for at least one day, but clarified that customers’ funds have not been affected by the incident. Citing sources close to the investigation, ZDNet reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and …
In a tweet, Microsoft Security Intelligence (MSI) warned cryptocurrency owners who are also Windows users on August 27 that their funds in crypto wallets might be in danger because of a new malware. The new malware, called Anubis, seems to use code forked from Loki. It steals crypto wallet credentials, credit card details and other valuable information from these Windows users. According to MSI, it first discovered the malware in June in the cybercriminal underground. It has the same name with another potent banking Trojan that has been targeting Android smartphones for months. Source: MSI Tweet MSI stressed that the …
Cybersecurity experts at ESET published an in-depth study about a new malware named “KryptoCibule.” This exploit specifically targets Windows users with three methods of attack, including by installing a crypto mining app, directly stealing crypto wallet files, and replacing copy/pasted wallet addresses as a means to hijack individual transactions. According to the cybersecurity firm, KryptoCibule’s developers rely on the Tor network and BitTorrent protocol to coordinate the attacks. The malware’s original incarnation first appeared in December 2018. At that time, it was merely a Monero mining utility that quietly harvested user’s system resources to generate the currency. By February 2019, …
The Department of Justice has charged Russian citizen Egor Igorevich Kriuchkov with conspiracy to damage a protected computer system after he allegedly bribed an employee of a Nevada company with $1 million in Bitcoin to install malware in that company’s computer system. According to documents from the U.S. District Court of Nevada, Kriuchkov wanted to steal data from the company’s network, then threaten to make that data public unless the company paid a ransom. He first arranged contact with the employee via WhatsApp, then entered the United States on a tourist visa to meet him in person. The District Court …
The crypto price surge since March has been accompanied by a wave of cryptojacking attacks according to new research published by cybersecurity firm Symantec. According to the company there was a 163% increase in browser-based cryptojacking activity in the second quarter of 2020. Cryptojacking had previously been in a steep decline from March 2019 due to the shutdown of the mining script maker, CoinHive. Symantec points out the increase in the last quarter coincided with a surge in the value of Bitcoin (BTC) and Monero (XMR), two cryptocurrencies often mined by the threat actors that rely on browser-based cryptojacking malware. …
Lazarus, a group of hackers who are allegedly backed by North Korea, is now reportedly attacking crypto and blockchain talent through major professional social network, LinkedIn. According to a report by the Finnish cyber security and privacy firm, F-Secure, the latest Lazarus attack was made through a crypto-related job advert on the site. Their investigation indicated that an individual working in the Blockchain space received a phishing message that mimicked a legitimate Blockchain job listing. The message included an MS Word document titled “BlockVerify Group Job Description,” which executed malicious macro code when opened. F-Secure found that the document shares …
The University of Utah’s College of Social and Behavioral Science confirmed that they were hit by a ransomware attack on July 19. According to a statement issued by the University, the gang left many computers inaccessible for several hours as staff took servers offline to prevent the malware from spreading to other machines on the school’s network. Following internal discussion, officials decided to work with the school’s cyber insurance provider to pay a $457,059 ransom in order to prevent a data leak. Staff from the university clarified that the insurance policy paid part of the ransom and they covered the …
The new work-from-home culture is gaining more traction than ever before as businesses, government departments and schools try to remain afloat while flattening the pandemic curve. This migration to remote working is a double-edged sword that creates a fertile land for cybercriminals to thrive on. There is no way that cyberattacks can be eliminated completely. The best that companies can do is minimize the frequency of the threats. What is ransomware? Cybercriminals use malicious software code to block people or organizations from accessing their computer systems until a ransom has been paid. Cryptocurrencies such as Bitcoin (BTC) have made it …
Ransomware gang REvil, known also as Sodinokibi, claims to have mounted a successful attack against the U.S. wine and spirits giant, Brown-Forman Corp — but the company claims otherwise. The company is the official manufacturer of Jack Daniels whiskey. According to cybersecurity services provider, AppGate, the famous alcoholic beverages manufacturer did fall victim to an attack but refused to pay the ransom demanded by REvil. However, Brown-Forman Corp told Infosecurity-Magazine in a statement they had successfully prevented cybercriminals from encrypting its files. This does not necessarily mean the gang’s claim to have compromised the internal network and stolen sensitive data …
Avaddon, a new ransomware-as-a-service, or RaaS, protocol, is the latest to jump on the crypto extortion bandwagon. Similar to ransomware from groups like Maze and REvil, the Avaddon project offers revenue-sharing for users who successfully deploy the software on unsuspecting victims. According to research by the cyber intelligence firm, DomainTools, RaaS development allows hackers to focus their efforts on malware development, rather than finding new places to deploy their attacks. Developers instead rely on third-party individuals who are looking to generate income by launching their own ransomware campaigns. Speaking with Cointelegraph, Tarik Saleh, senior security engineer and malware researcher at …
The FDA-approved Coronavirus ventilator manufacturer Boyce Technologies has been targeted by ransomware launched by the DoppelPaymer gang, who are threatening to leak data from the company. Cointelegraph has viewed the DoppelPaymer blog, where the gang lists example files of the data stolen during the attack, including sales and purchase orders, assignment forms, among others. The cybercriminals have threatened that more information will be disclosed next week through the site if an undisclosed crypto ransom is not paid by the firm. Boyce Technologies is well-known for its work in designing and manufacturing FDA-approved low-cost ventilators in just 30 days during the …
Multinational corporation Canon reportedly fell victim to a ransomware attack launched by Maze group against its email and storage services and its United States website on July 30. Maze has threatened to leak the pics and data if a crypto ransom is not paid. The image.canon site was out for six days, during which it showed updates. It went back into service on Aug. 4. Canon put out a statement that day about the attack, saying there had been no leak of image data, nor thumbnails of the photos stored in its cloud service. However, the severity of the attack …