The operators of Ryuk ransomware continue to target hospitals, despite the intense pressures they are already facing as a result of the coronavirus pandemic. On March 27, ‘PeterM’ of British IT security firm Sophos, tweeted that a United States-based healthcare provider had been targeted by Ryuk’s ransomware. PeterM stated that the cyber offensive “looks like a typical Ryuk attack,” posting: “I can confirm that #Ryuk ransomware are still targeting hospitals despite the global pandemic. I'm looking at a US health care provider at the moment who were targeted overnight. Any HC providers reading this, if you have a TrickBot infection …
Black hat hacker group, Maze, claims to have used ransomware to compromise the systems of insurance giant, Chubb. They also claim to have stolen the firm’s data. Brett Callow, threat analyst at cybersecurity firm, Emsisoft, told Cointelegraph on March 27 that Maze published the claim on its website. While the website does not provide any direct proof of the hack so far, Callow pointed out facts that give the claim an air of credibility: “Maze’s past victims include governments, law firms, healthcare providers, manufacturers, medical research companies, healthcare providers and more.” Maze’s modus operandi Callow explained that the group usually …
Cryptocurrency and ransomware have had a long history together. They are so closely intertwined, in fact, that many have blamed the rise of cryptocurrency for a parallel rise in ransomware attacks. Ransomware attacks are certainly increasing — they rose by 118% in 2018 — but it’s not clear that this is due to cryptocurrency. While the vast majority of ransoms are paid in crypto, the transparent nature of these currencies actually means that they are a pretty bad place to hide stolen funds. In this article, we’ll take a look at the relationship between cryptocurrency and ransomware, as well as …
Black hat hacker group Maze has infected the infrastructure of a firm researching the coronavirus with ransomware, managing to steal and publish sensitive data. The hack of medical information Cybersecurity firm Emsisoft told Cointelegraph on March 23 that Maze group’s hackers compromised United Kingdom medical firm Hammersmith Medicines Research. The published data includes sensitive data on medical test volunteers such as id documents like passports, medical background and details of the tests. Emsisoft threat analyst Brett Callow said: “[The data] is on the clear web where it can be accessed by anybody with an internet connection. [...] The criminals almost …
As the novel coronavirus crisis continues, a cybersecurity firm has started offering free help to healthcare providers that fall victim to cryptocurrency-demanding ransomware. According to an announcement on March 18, cybersecurity firm Emsisoft partnered with incident response company Coveware to allow free access to ransomware-related services at no cost to healthcare providers. The initiative aims to get the impacted organizations operational in the shortest time possible to reduce the impact on patient care to a minimum. “A perfect storm” According to the firm, ransomware attacks have a seasonal aspect with the number of incidents spiking during the spring and summer …
Opportunistic hackers are increasingly seeking to dupe victims using websites or applications purporting to provide information or services pertaining to coronavirus. Cybersecurity threat researchers, DomainTools, have identified that the website coronavirusapp.site facilitates the installation of a new ransomware called “CovidLock.” The website prompts its visitors to install an Android application that purportedly tracks updates regarding the spread of COVID-19, claiming to notify users when an individual infected with coronavirus is in their vicinity using heatmap visuals. CovidLock ransomware launches screen lock attack on unwitting victims Despite appearing to display certification from the World Health Organization and the Centers for Disease …
In a meeting today, a United States Senate committee examined new measures to enhance federal reporting for cybersecurity vulnerabilities that threaten “critical infrastructure”. They convened in an attempt to establish new support for state and local governments confronting threats like ransomware. A new era in homeland security? The centerpiece of the March 11 hearing of the Committee on Homeland Security is bill S. 3045, the Cybersecurity Vulnerability Identification and Notification Act of 2019. First introduced in December, the new bill looks to amend the landmark Homeland Security Act of 2002 to include new provisions aimed specifically at cybersecurity. The “Cybersecurity …
A recent presentation from the U.S. Federal Bureau of Investigation, or FBI, shows ransomware hackers have pilfered massive amounts of Bitcoin (BTC) since 2013. Between October 2013 and November 2019, victims paid roughly $144 million in BTC to ransomware hackers, FBI supervisor Joel DeCapua indicated at a Feb. 24 RSA conference. Ransomware takes control During a ransomware breach, nefarious parties take control of a person or entity’s computer systems, demanding payment, often in BTC, to unlock victims’ platforms. DeCapua noted almost all ransomware payments are sent in Bitcoin, and that the bureau's number does not include other related losses victims …
On Feb. 24, Tim Watts, Australia’s Shadow Assistant Minister for Cybersecurity, has published an article in the Financial Review on Feb. 24, criticizing the country’s government for its response to the 2019 “ransomware epidemic.” Watts states that Australia was not immune to last year’s ransomware outbreaks, citing a Victorian government regional health network that shut down their systems after becoming infected. The incident resulted in multiple surgeries being delayed. Watts also notes that during late Jan. 2020, Melbourne-based global transport company Toll “lost the use of up to 1,000 servers in a ransomware attack,” forcing the company to implement manual …
2019 demonstrated that cyber-attacks are getting more numerous in the cryptocurrency industry, while hardware remains vulnerable and high-profile data leaks are becoming more common. Even worse, the trend is a continuing one. Way back in June 2018, Kaspersky Lab security experts reported an increase in the amount of malware targeting the cryptocurrency market. They noted a trend toward the spread of two types of malware: for hacking cryptocurrency wallets and for malicious Bitcoin (BTC) mining. As cybercrimes using digital money have begun to affect more countries and involve more advanced technologies, entire states and government organizations have come to grips …
Hackers compromised five United States law firms and demanded two 100 Bitcoin (BTC) (over $933,000 at press time) ransoms from each firm: one to restore access to the data, one to delete their copy instead of selling it. According to data shared with Cointelegraph by cybersecurity firm Emsisoft, the hacker group — called Maze — already started publishing part of the data stolen from the aforementioned firms. Two of the five law firms were hacked within the 24 hours leading to Feb. 1. The hackers published the data on two websites that were shared with the author of this article, …
A United Kingdom High Court ordered a proprietary injunction on Bitcoin (BTC) obtained through a ransomware attack on a Canadian insurance company. A proprietary injunction is an order which prevents a person from dealing with their own assets when it is subject of a proprietary claim. On Jan. 17, the UK High Court released documents concerning a ransomware attack, in which over 1,000 computers of the insurance company were rendered unusable through the use of malware that encrypted files, making them unaccessible. The unidentified attackers demanded $1.2 million in Bitcoin in exchange for decrypting the data. The firm’s insurer covered …