Ransomware group REvil has started another auction on the dark web listing sensitive data stolen from two US-based law firms. The listing appeared June 6 through REvil’s official blog on the darknet, where bidders look to acquire 50GB of data from Fraser Wheeler & Courtney LLP and 1.2TB of data from the database of Vierra Magen Marcus LLP. Information auctioned includes client information, internal documentation of the company, electronic correspondence, patent agreements, business plans and projects, as well as new technologies that have yet to be patented.
IP-related law firm among the victims
The law firm Vierra Magen Marcus LLP …
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from the first quarter of 2018 to the last quarter of 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
ST Engineering Aerospace’s US subsidiary suffered a ransomware attack that managed to extract about 1.5TB of sensitive data from the firm and its partners. According to an article published by The Straits Times on June 6, citing an analysis by cybersecurity firm Cyfirma, the Singapore-based company was allegedly attacked by the well-known ransomware gang Maze in March. The report details that the data stolen by the criminals relates to contract details with various governments, organizations, and airlines across the globe. No additional details were provided on its content.
Undetectable by common antivirus software
Cointelegraph had access to an internal …
As free ransomware decryptor tools begin to enter the market, a wave of fake software that claims to decrypt ransomware-affected files has begun to proliferate. According to a report released by Bleeping Computer on June 5, the creators behind Zorab ransomware released a fake STOP Djvu decryptor. Instead of recovering a victim’s data, however, this software encrypts their files a second time with another ransomware. When the victim opens one of these tools, the software extracts an executable file called crab.exe. This is the Zorab ransomware itself. Once executed, the tool will encrypt all files present with a .ZRB …
Per a new report released by digital-asset intelligence firm CipherTrace on June 2, the value of ill-gotten funds siphoned through cryptocurrency crimes over the first five months of the year stands at a whopping $1.4 billion, thus making 2020 a potentially active year in regard to cryptocurrency-related thefts, hacks and fraud. The report goes on to state that if things continue at the same rate, the total volume of stolen crypto for 2020 has the potential to get close to reaching the $4.5-billion mark set in 2019. Criminals appear to be capitalizing on the ongoing COVID-19 pandemic to target unsuspecting …
A study released by digital forensics firm Crypsis Group shows an actively growing trend in the ransoms demanded by ransomware attackers. Amounts sharply rose 200% from 2018 to 2019. According to the 2020 Incident Response and Data Breach Report, it’s no surprise that cybercriminals have claimed “exorbitant” crypto ransoms in the past three years. The firm pointed out that the median amount of funds demanded as ransom was $115,123.
Attackers are getting sophisticated
Crypsis Group says attackers are shifting their tactics to enterprise-targeted ransomware. They carefully select victims capable of paying higher sums, with tactics that are “maturing” over time. …
Malware lab Emsisoft released a free decryptor tool on June 4. The tool enables victims to recover files encrypted by Tycoon ransomware attacks without needing to pay the ransom. Researchers from BlackBerry’s security unit first discovered the ransomware. They told TechCrunch that Tycoon uses a Java file format to make it more difficult to detect before deploying its payload, which encrypts the files.
How does Tycoon work?
Speaking with Cointelegraph, Brett Callow, threat analyst at Emsisoft, said: “Tycoon is a Java-based, human-operated ransomware that appears to specifically target smaller enterprises and is typically deployed via an attack on …
As SpaceX and NASA celebrated their first human-operated rocket launch on May 30, cybercriminals behind a ransomware known as DoppelPaymer launched an attack against one of NASA’s IT contractors. According to a blog post by the hackers, the gang managed to breach the network of the Maryland-based Digital Management Inc, or DMI. This company provides IT and cybersecurity services to several Fortune 100 companies and government agencies. DoppelPaymer hackers leaked almost 20 archive files belonging to NASA through a portal operated by the gang, including HR documents and project plans. Some of the employee details matched public LinkedIn records. …
A ransomware gang claims to have successfully attacked three universities within the last seven days. They say that their latest attack was against the University of California San Francisco, or UCSF, on June 3. Cointelegraph had access to the evidence published by NetWalker, a group of hackers, on their official dark web blog. In this blog, they claimed to have stolen sensitive data, including student names, social security numbers, and financial information. NetWalker threatened to leak the data in less than a week if a crypto payment in Bitcoin (BTC) is not made. The information is from Michigan State, Columbia College …
On June 3, Spain-based telecommunications conglomerate Telefónica released a free tool to recover data encrypted by the VCryptor ransomware. The tool, VCrypt Decryptor, was created as part of an international initiative titled “No More Ransomware”. This alliance was established by McAfee, Europol, Politie, and Kaspersky. It is one of several tools that aim to decrypt almost 134 types of ransomware.
VCrypt’s attack method
According to ElevenPaths, Telefónica’s specialized cybersecurity unit, VCryptor creates a password-protected .zip file in which it stores all encrypted data. It then generates new files with the extension “.vcrypt” to replace the original files. The ransomware then …
The ransomware gang REvil has launched an auction feature on the dark web in the past 24 hours, starting with the stolen data from a Canadian company and threatening to auction off information hacked from famous singer Madonna next. Cointelegraph accessed information from the first auction campaign conducted by REvil, which described the Agromart Group as the “first batch” of data to be put up for auction, consisting of data stolen after a ransomware attack.
Madonna’s data auction threat
At the bottom of the list, the ransomware gang warned Madonna and “other people” that they could be the …
Malware team NetWalker launched a ransomware attack against the Austrian village of Weiz. This attack affected the public service system and leaked some of the stolen data from building applications and inspections. According to the cybersecurity firm Panda Security, hackers managed to penetrate the village's public network through phishing emails related to the COVID-19 crisis.
COVID-19 as bait to deploy the ransomware
The subject of the emails, "information about the coronavirus," was used to bait employees of Weiz's public infrastructure into clicking on malicious links, thus triggering the ransomware. Panda Security claims that the attack belongs to a …