The ransomware gang REvil has launched an auction feature on the dark web in the past 24 hours, starting with the stolen data from a Canadian company and threatening to auction off information hacked from famous singer Madonna next. Cointelegraph accessed information from the first auction campaign conducted by REvil, who detailed that the Agromart Group is the “first batch” of data to be put up for auction, which is the data stolen after a ransomware attack. Madonna’s data auction threat At the bottom of the list, the ransomware gang warned Madonna and “other people” that they could be the …
In a May 28 virtual roundtable before the congressional Subcommittee on National Security, International Development and Monetary Policy, witnesses and congresspeople alike feared that they are not keeping up with criminals hacking the financial system. Criminals have better resumes than government agents One witness, Guillermo Christensen, a partner at law firm Ice Miller, admired the cyber talent operating illegally: “We are always playing catch up with the criminals. [...] It’s very hard to find people who are as qualified as some of these criminal hackers, frankly, to take apart their schemes and trace them.” Another issue is the overclassification of …
A study unveiled on May 28 by the National Police of Colombia shows that ransomware attacks are a rising trend across the country. The report notes that 30% of all ransomware attacks within Latin America have specifically targeted Colombia. The report, made in alliance with Cisco, McAfee, Microsoft, Absolute, Fortinet, and Claro, states that the threat of ransomware in Colombia is “underestimated.” Colombia is followed by Peru (16%), Mexico (14%), Brazil (11%), and Argentina (9%), with SMEs being the preferred targets of cybercriminals. The study shows that 83% of companies in the country lack response protocols …
The Blue Mockingbird malware gang has infected more than 1,000 business systems with Monero mining malware since December 2019. The global scale of the hacker group’s operations was revealed by cloud security firm Red Canary on May 26. The report outlined the group’s methodology. The malware attacks servers running ASP.NET applications and exploits a vulnerability to install a web shell on the attacked computer and obtain administrator-level access to modify the server settings. Next, the cybercriminals install the XMRig application to take advantage of the resources of the infected machines. Most of the infected computers belong to large companies, though …
Educational services across the globe have been witnessing a surge in ransomware attacks in 2020. According to Verizon’s 2020 Data Breach Investigation Report, ransomware attacks account for approximately 80% of all cyberattacks suffered. The data suggests 92% of these incidents were motivated by financial reasons, while only 3% aimed to perform espionage activities on businesses operating within education. A sharp increase in ransomware attacks since 2019 Ransomware attacks are growing at an alarming rate. Currently accounting for an overwhelming majority of all cyberattacks, ransomware was just 48% of the whole during 2019. Phishing is partially to blame here — ransomware …
A new study warns of a new ransomware attack method that runs a virtual machine on target computers in order to infect them with the ransomware. This may place the attack beyond the reach of the computer’s local antivirus software. According to the UK-based cybersecurity firm Sophos, the Ragnar Locker attack is quite selective when choosing its victims. Ragnar’s targets tend to be companies rather than individual users. Almost 1,850 BTC in ransom demanded in a single attack Ragnar Locker asks victims for large amounts of money to decrypt their files. It also threatens to release sensitive data if users …
A new type of ransomware attack emerged in recent months, raising red flags among the cybersecurity community and authorities such as the FBI in the United States. Cybersecurity firm Group-IB has warned that it comes in the form of a Trojan, according to a report published on May 17. According to Group-IB’s study, the ransomware is known as ProLock. It relies on the Qakbot banking trojan to launch the attack and asks the targets for six-figure USD ransoms, paid out in BTC, to decrypt the files. The roster of victims includes local governments, financial, healthcare and retail organizations. Among them, …
Ransomware group Maze claims to have hacked United States egg producer Sparboe in a post on its website. The website of cybercriminal organization Maze recently published a new entry claiming that the group hacked Sparboe. The post includes sample data that the group claims was stolen from the company. Maze: A major cybercrime organization Threat analyst at cybersecurity firm Emsisoft Brett Callow told Cointelegraph that in every hack by Maze so far, the group asked for a ransom in Bitcoin (BTC). There also appears to be no particularly easy and focused way to protect companies from such hacks, as the …
A cybercrime group recently infected two plastic surgery studios with ransomware. They subsequently leaked patients’ social security numbers and other sensitive information onto the internet. Emsisoft threat analyst, Brett Callow, told Cointelegraph on May 5 that Maze recently took credit for hacking a plastic surgeon named Kristin Tarbet. They also claim to have hacked the Ashville Plastic Surgery Institute. He explained that in Tarbet’s case, the hackers have already leaked highly sensitive data: “The data that has been posted included names, addresses, social security numbers as well as what appears to be before and after photos and photos taken during …
A group of hackers dubbed Maze claims to have compromised the infrastructure of Banco BCR, a Costa Rican state-owned bank, and is now threatening to leak millions of credit card numbers. On April 30, Maze claimed that it had scoped out the bank in August 2019: “According to Financial Institutions Protocol this bank had to notify other institutions about the security breach case. But nothing was made. Servers and workstations were not blocked. Private data was not secured. Anyway the Bank decided to conceal information about the breach. Though the security personnel were able to analyze the attack logs and …
Developers at blogging platform Ghost have spent the past 24 hours fighting a crypto mining malware attack. Announced in a status update on May 3, the devs revealed that the attack occurred around 1:30 a.m. UTC. Within four hours, they had successfully implemented a fix and now continue to monitor the results. No sensitive user data compromised Yesterday’s incident was reportedly carried out when an attacker targeted Ghost’s “Salt” server backend infrastructure, using an authentication bypass (CVE-2020-11651) and directory traversal (CVE-2020-11652) to gain control of the master server. The Ghost devs have said that no user credit card information has …
Hackers have infected the infrastructure of Parkview Medical Center — the largest health center in Pueblo County, Colorado — with cryptocurrency ransomware. Citing a hospital employee, Fox News reported on April 24 that Meditech — the Parkview Medical Center’s system for storing patient information — was infected with ransomware and rendered inoperable. The hospital confirmed the incident in a statement: “On Tuesday, April 21, Parkview Medical Center was the target of a cyber-incident which has resulted in an outage in a number of our IT systems.” As Cointelegraph recently reported, ransomware attacks against hospitals are ongoing, despite the fall in …