In early June, media outlets reported that the NetWalker ransomware gang had attacked Michigan State University, or MSU. At the time, the gang threatened to leak students’ records and financial documents. University officials have now said that they will not pay the ransom. According to Detroit Free Press, MSU will not pay the unspecified bounty that the ransomware group requested in crypto. Officials did not publish an official statement addressing the reasons behind the decision. The attack seems to have happened on the U.S. Memorial Day holiday. It shut down MSU’s computer systems, and breached its …
Cybersecurity firm Recorded Future revealed on June 10 that a ransomware attack named “Thanos” has been promoted on a number of darknet hacking forums since February. According to the report, Recorded Future’s Insikt Group uncovered the new ransomware-as-a-service attack. Under the “ransomware-as-a-service” model, external hackers are allowed to use the ransomware against their targets in exchange for adhering to a revenue-share scheme with the developers, with a profit split of approximately 60% to 70%.
The major feature of Thanos ransomware
Speaking with Cointelegraph, Lindsay Kaye, director of operational outcomes of Insikt Group at Recorded Future, explains further the encryption’s feature used …
Ransomware gang Maze strikes again. This time, the victim is a US-based independent advisory firm specializing in the consumer and retail sectors. The firm has a number of big clients, including businesswoman and former Spice Girl Victoria Beckham. Maze’s official dark web blog lists Threadstone Advisors, LLC as one of its victims following an attack within the last 24 hours. Threadstone Advisors, LLC worked with Victoria Beckham to establish an investment liaison with NEO investment partners. Among the advisory firm’s clients are Charles S. Cohen, Pittsburgh Brewing Co., and Xcel Brands.
Stolen data leak is “coming soon”
As of press time, …
Recent reports revealed that a group of hackers behind the Kingminer botnet targeted vulnerable Microsoft SQL Server databases to mine cryptocurrencies at some point in the second week of June. According to the cybersecurity firm Sophos, the attackers used the botnet, active since 2018, to exploit the BlueKeep and EternalBlue vulnerabilities, and also gained access through a remote access trojan known as Gh0st. Once the SQL Server database is infected, the botnet installs a well-known crypto miner called XMRig, which mines Monero (XMR). There are no details as of press time regarding how many systems …
A study by risk solutions provider Kroll identified a growing trend in the use of the Qakbot trojan, or Qbot, to launch email thread hijacking campaigns and to deploy ransomware attacks. According to the findings, produced in conjunction with analysts from the National Cyber-Forensics and Training Alliance, or NCFTA, cybercriminals seek to steal financial data from multiple industries like media, education, and academia. However, the COVID-19 pandemic has helped the attacks target the healthcare sector as well. The trojan is reportedly being used as a “point of entry” by the operators behind the ProLock ransomware gang. The report suggests that victims are …
A ransomware gang launched an attack on the information technology systems of Florence, Alabama, in May. This attack came despite warnings by cybersecurity firms about possible hacker infiltration into the city’s infrastructure. According to a KrebsOnSecurity report from Monday, city officials intend to pay a ransom of nearly $300,000, citing concerns that failing to do so may result in private citizens having their personal data leaked. If paid, the ransom will be covered in Bitcoin (BTC).
DoppelPaymer group behind the ransomware attack
Wisconsin-based security firm Hold Security first alerted the city to the threat DoppelPaymer represented to its IT infrastructure, …
Recent ransomware attacks from well-known cybercriminal groups suggest that gangs are forging cartel-style alliances to pressure their respective victims to pay the ransom requests. Cointelegraph has obtained access to what seems to be a darknet site that belongs to the Maze group. On the site, Maze has been leaking stolen data beginning sometime after Sunday. The central feature to highlight is that the gang notes that Ragnar Locker, another ransomware group, provided the info, as the title of the blog post says: “MAZE CARTEL Provided by Ragnar.” Some of the victims listed are United States-based companies. Speaking with …
Ransomware group REvil has started another auction on the dark web listing sensitive data stolen from two US-based law firms. The listing appeared June 6 through REvil’s official blog on the darknet, where bidders look to acquire 50GB of data from Fraser Wheeler & Courtney LLP and 1.2TB of data from the database of Vierra Magen Marcus LLP. Information auctioned includes client information, internal documentation of the company, electronic correspondence, patent agreements, business plans and projects, as well as new technologies that have yet to be patented.
IP-related law firm among the victims
The law firm Vierra Magen Marcus LLP …
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter of 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
A study released by digital forensics firm Crypsis Group shows an actively growing trend in the ransoms demanded by ransomware attackers. Amounts sharply rose 200% from 2018 to 2019. According to the 2020 Incident Response and Data Breach Report, it’s no surprise that cybercriminals have claimed “exorbitant” crypto ransoms in the past three years. The firm pointed out that the median amount of funds demanded as ransom was $115,123.
Attackers are getting sophisticated
Crypsis Group says attackers are shifting their tactics to enterprise-targeted ransomware. They carefully select victims capable of paying higher sums, with tactics that are “maturing” over time. …
As SpaceX and NASA celebrated their first human-operated rocket launch on May 30, cybercriminals behind a ransomware known as DoppelPaymer launched an attack against one of NASA’s IT contractors. According to a blog post by the hackers, the gang managed to breach the network of the Maryland-based Digital Management Inc, or DMI. This company provides IT and cyber-security services to several Fortune 100 companies and government agencies. DoppelPaymer hackers leaked almost 20 archive files belonging to NASA through a portal operated by the gang, including HR documents and project plans. Some of the employee details matched with public LinkedIn records. …
A ransomware gang claims to have successfully attacked three universities within the last seven days. They say that their latest attack was against the University of California San Francisco, or UCSF, on June 3. Cointelegraph had access to the evidence published by NetWalker, a group of hackers, on their official dark web blog. In this blog, they claimed to have stolen sensitive data, including student names, social security numbers, and financial information. NetWalker threatened to leak the data in less than a week if a crypto payment in Bitcoin (BTC) is not made. The information is from Michigan State, Columbia College …