Avaddon, a new ransomware-as-a-service, or RaaS, protocol, is the latest to jump on the crypto extortion bandwagon. Similar to ransomware from groups like Maze and REvil, the Avaddon project offers revenue-sharing for users who successfully deploy the software on unsuspecting victims. According to research by the cyber intelligence firm, DomainTools, RaaS development allows hackers to focus their efforts on malware development, rather than finding new places to deploy their attacks. Developers instead rely on third-party individuals who are looking to generate income by launching their own ransomware campaigns. Speaking with Cointelegraph, Tarik Saleh, senior security engineer and malware researcher at …
Year after year, the ransomware landscape changes dramatically. In 2019, a new resurgence of attacks occurred as businesses and government institutions became the main targets of ransomware, given their capacity to yield larger payouts. The most recent attack was against Garmin, a navigation systems company, on July 23. Due to the attack, many of its online services such as customer support, website functions and company communications were affected. Reportedly, the Russian cybergang Evil Corp launched the attack, demanding $10 million in cryptocurrency to restore access to Garmin’s services. Overall, according to a report by anti-malware software firm Malwarebytes, there was …
The FDA-approved Coronavirus ventilator manufacturer Boyce Technologies has been targeted by ransomware launched by the DoppelPaymer gang, who are threatening to leak data from the company. Cointelegraph has viewed the DoppelPaymer blog, where the gang lists example files of the data stolen during the attack, including sales and purchase orders and assignment forms, among others. The cybercriminals have threatened that more information will be disclosed next week through the site if an undisclosed crypto ransom is not paid by the firm. Boyce Technologies is well-known for its work in designing and manufacturing FDA-approved low-cost ventilators in just 30 days during the …
Multinational corporation Canon reportedly fell victim to a ransomware attack launched by Maze group against its email and storage services and its United States website on July 30. Maze has threatened to leak the pics and data if a crypto ransom is not paid. The image.canon site was down for six days, during which it showed updates. It went back into service on Aug. 4. Canon put out a statement that day about the attack, saying there had been no leak of image data, nor thumbnails of the photos stored in its cloud service. However, the severity of the attack …
Cybersecurity firm McAfee released a study showing the activities of NetWalker, a ransomware first known as Mailto that was initially discovered in August 2019. According to the report, the operators of NetWalker have collected over $25 million from ransom payments since March 2020. From March 1 to July 27, the group collected around 2,795 Bitcoin (BTC), purportedly making it one of the most profitable types of ransomware for cybercriminals. According to the report, the Bitcoin transactions received by the gang — where the amount is split among several different addresses — reflect that NetWalker is a "ransomware-as-a-service" malware. Such a …
Multinational tech company Garmin may have paid some or all of a $10 million crypto ransom to hackers who managed to encrypt the firm’s internal network and take down several of its services on July 23. According to an August 1 report from Lawrence Abrams at Bleeping Computer, Garmin’s IT department used a decryptor to regain access to workstations affected by the initial WastedLocker ransomware attack. The malware took down the company’s customer support, navigation solutions, and other online services. The news outlet reported that the existence of such a protocol means “Garmin must have paid the ransom to the …
U.S.-based corporate travel firm CWT paid $4.5 million in a Bitcoin ransom to hackers who stole sensitive files from the company. According to a July 31 report from Reuters, representatives from CWT (formerly Carlson Wagonlit Travel) paid ransomware hackers 414 Bitcoin (BTC) on July 27 — roughly $4.5 million at the time — over two transactions. Blockchain data shows the criminals transferred the funds to a different address within an hour. The attackers said they used Ragnar Locker ransomware to disable access to files on 30,000 computers at the firm and steal sensitive data. They initially demanded $10 million, but …
The No More Ransom decryption tool repository, an initiative launched by Europol to combat ransomware attacks, has saved individuals $632 million in ransom demands since 2016. According to the announcement published by Europol, the repository is celebrating its fourth anniversary. Over the past four years, the repo has gathered over 4.2 million visitors from 188 countries thanks to a compilation of tools from 163 partners. The initiative’s website lists 100 different tools covering 140 different families of ransomware.
Covering a wide range of ransomware decryptors
The project’s largest contributor is the malware lab, Emsisoft, which has contributed 54 tools so …
Garmin, a multinational tech company, has been operating at less than full capacity following a ransomware attack launched by the Russian cybergang, Evil Corp. Garmin is being extorted for a $10 million ransom, to be paid in cryptocurrency. According to a report published by Bleeping Computer, an unidentified Garmin employee confirmed that the WastedLocker ransomware took down the company’s customer support services, navigation solutions, and other aspects of the U.S.-based firm. The leader of the cybercriminal group is a Russian individual named Maksim Yakubets. A known criminal, Yakubets was indicted by the U.S. Department of Justice in 2019. He was …
Smartwatch maker and data-syncing service provider Garmin was the subject of a ransomware attack on July 23 that managed to encrypt its internal network and took down several of its services. According to a series of tweets published by the company, the Garmin Connect website and mobile app were affected by the hackers, along with the call centers and all customer support resources, such as replying to emails, online chats, and handling calls. However, the nature of the attack was unveiled by ZDNet, which also stated that the cybercriminals targeted flyGarmin, the company’s service that supports its line of aviation navigational equipment. …
Ransomware gang REvil stole over 800 GB of data from ADIF, the Spanish state-owned railway infrastructure manager, after a successful attack on its systems. According to El Español, the cyberattack is attributed to the well-known ransomware group after a post boasting of adding another victim was published on the official darknet website of REvil on July 22. The cybercriminals claimed to have taken over 800 GB of data from the servers of ADIF, although it’s not confirmed how they managed to breach the security of the railway infrastructure manager based in Madrid. REvil didn’t disclose major …
Leading market research and data analytics firm Nielsen has been unable to provide overnight ratings this week for Australian TV viewers as a result of a ransomware attack. The TV ratings were not available on Tuesday and Wednesday night, and local TV blog TV Tonight reports industry sources as saying the overnight ratings may not be available again until early next week. Nielsen said viewing data is still being collected and will be published once the attack is resolved. “We will be sure to keep the industry informed as new information on the matter becomes available,” the spokesperson added. Nielsen …