On June 24, security experts from Palo Alto Networks’ Unit 42 warned about a new self-propagating malware that launches cryptojacking and DDoS attacks against Windows systems. The software operates under the name “Lucifer”. According to the study, Lucifer is a hybrid of cryptojacking and DDoS malware that leverages old vulnerabilities on the Windows platform.
Vulnerabilities exploited
After breaking the security infrastructure, attackers execute commands that launch DDoS attacks. This allows them to install XMRig Miner, a well-known Monero (XMR) mining app, to launch cryptojacking attacks. Palo Alto Networks claims that a related Monero wallet has received 0.493527 XMR so far. …
The REvil ransomware gang says that they will auction over 1TB of data stolen from New York-based entertainment law firm Grubman Shire Meiselas & Sacks. This data allegedly contains the “dirty” secrets of a number of celebrities. REvil claims that the contents involve sex scandals, drugs, and treachery.
Nicki Minaj, LeBron James, and Mariah Carey among the alleged victims
In a blog post, the ransomware group says they will begin the auction on July 1, noting that the first round will contain information from Nicki Minaj, Mariah Carey, and LeBron James. The price for each dataset is $600,000. Two days …
A new report shows that a Kazakhstani hacker built a million-dollar fortune by breaching private networks and selling their data. Researchers at threat intelligence company Group-IB said that the hacker, who operates under the pseudonym “Fxmsp,” began promoting their services across the darknet. They posted data for sale on hacking-related forums, offering valuable resources stolen from private corporate networks. Some customers have taken to calling the hacker “The invisible god of networks.”
Millionaire profits for Fxmsp
According to the report, the magnitude of Fxmsp’s cybercriminal business is enormous. They reportedly accumulated $1.5 million in profits over three years by targeting …
The REvil ransomware gang is auctioning off sensitive information stolen from debit card services provider Interacard. According to REvil’s website, the information is available in an auction listing published by the group. All prospective bidders are required to pay using Monero (XMR). REvil has previously only auctioned data in cases where their name-and-shame tactics fail to extract payment from a targeted company. That does not appear to be the case this time, however.
Hypothesis behind going directly to the auction stage
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, provided some possible reasons behind REvil’s tactics: “In …
Crozer-Keystone Health System recently suffered a ransomware attack by the NetWalker ransomware gang. The gang is now auctioning the system’s stolen data through its darknet website. If it is not purchased at auction within six days, the gang has vowed to leak the data. On June 19, Cointelegraph was able to access the alleged publication. There appeared to be dozens of folders with an undisclosed amount of data, mostly concerning finances, but nothing related to patients’ medical records. The gang claims that Crozer-Keystone Health System failed to pay the ransom they demanded in Bitcoin (BTC). Crozer-Keystone is a …
Another ransomware attack has hit the Australia-based drinks manufacturer Lion. This is the second attack on the company in less than one week. The cybercriminals behind the attack are threatening to double the ransom amount if Lion does not pay by the specified date. The currency of choice for this particular attack is Monero (XMR). A report published by The Sydney Morning Herald on June 18 said that Lion's staff were informed that the attack had disrupted its IT infrastructure. Initially, REvil had asked for a ransom of $800,000, to be paid in Monero. If Lion fails to send this …
Ransomware group REvil has launched another series of attacks targeting three companies in the U.S. and Canada. As of press time, they have leaked data from two of the companies and threatened to disclose sensitive data from the third. The companies are well-known Canadian accounting firm Goodman Mintz LLP, licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store.
First target of the week: an accounting company
The gang kicked off the week by leaking sensitive data from the Canada-based accounting company Goodman Mintz LLP. The leak included company files, accounting and working documents of clients, …
Fantasy-sports company DraftKings Inc recently filed a Form S-1 registration statement with the U.S. Securities and Exchange Commission, or SEC. This form indicates that SBTech, a company DraftKings Inc acquired, was hit by a ransomware attack in March. According to the registration form, which is required by the SEC before companies may go public on Nasdaq, SBTech, an online gambling technology provider which merged with DraftKings, suffered the cyber attack before the merger finalized on March 27. The SEC filing stated: “On March 27, 2020, SBTech detected a ransomware attack on its network (the “cybersecurity incident”). SBTech immediately shut …
Software company and former smartphone manufacturer BlackBerry has partnered with Intel to launch a crypto mining and cryptojacking detection system for Intel-based commercial computers. According to the announcement, BlackBerry released “BlackBerry Optics v2.5.1100”, which relies on the BlackBerry Optics Context Analysis Engine, or CAE, to leverage CPU telemetry from Intel Threat Detection Technology and provide enterprises with advanced malware-detection software. This software’s main purpose is to detect cryptojacking attempts. On how the system works, representatives from BlackBerry sent the following comment to Cointelegraph: “BlackBerry and Intel have teamed up to provide a robust defense against cryptojackers in a way unique …
An Israel-based company reportedly paid $250,000 in Bitcoin to satisfy a ransom demanded by hackers who threatened to shut down its systems after a ransomware attack. According to a source quoted by Calcalist on June 14, Sapiens International Corp. N.V. — a Nasdaq and Tel Aviv-listed software company — didn’t report the decision to the securities regulators of either the U.S. or Israel. The ransomware attack happened at some point between March and April, when the COVID-19 outbreak exploded across the globe, forcing most of the company’s employees to switch to remote work. A suspected security breach during the early …
An unidentified ransomware gang attacked the city of Knoxville, Tennessee’s IT network, forcing officers to shut down all systems on June 12. According to local news station WVLT, the attack took place sometime between June 10–11, encrypting all files within the network infrastructure. The attack forced workstations of the internal IT network to be shut down, which also disconnected internet access from the mayor’s infrastructure, public website, and even the Knoxville court. The FBI is currently assisting in the investigation, although the identity of the ransomware group behind the attack has not yet been revealed. The official statement from the …
Ransomware gang REvil, known for launching stolen data auctions on the dark web, is now leaking sensitive documents stolen from a US-based robotics company. According to an official blog post from REvil on June 11, the team has started leaking confidential data belonging to Symbotic LLC. The post noted: “You do not want to speak with us and you probably think that we will not publish your data. We are already publishing.” The cybercriminal group stated that they’d created a website and paid for the hosting for a year. They threatened to make the robotics company’s data visible for “a …