The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in cryptocurrencies to the hackers behind a ransomware attack on June 1. According to CBS San Francisco, the UCSF IT staff first detected the security incident, stating that the attack launched by NetWalker group affected “a limited number of servers in the School of Medicine.” Although the areas were isolated by experts from the internal network, the hackers left the servers inaccessible and managed to deploy the ransomware successfully. A statement published by the University of California said: “The data that was encrypted is …
A study published by cybersecurity firm, Proofpoint, shows an increase in email-based phishing attacks used to deliver ransomware over the last few months. According to the report, first-stage deployments of ransomware are reportedly on the rise and have mostly been targeting the United States, France, Germany, Greece, and Italy. The attacks appear to be capitalizing on the influx of people now working from home amid the COVID-19 pandemic. Research additionally indicates that the ransom demands are very low compared to the amounts usually seen in these attacks. Lower than average ransoms A ransomware application called “Mr. Robot” has mostly targeted …
Cybersecurity firm Symantec blocked a ransomware attack by a group known for demanding payment in Bitcoin (BTC) directed at 30 U.S.-based firms and Fortune 500 companies. The announcement published by the cybersecurity firm claims that the Evil Group, the malware gang behind the attacks, targeted the IT infrastructures of the firms. Still, the companies were alerted in time to prevent deployment of the ransomware. The group used the ransomware WastedLocker and managed to breach the security of the victims' networks and unsuccessfully attempted to laying the ground for staging the attacks. Gang asks for million-dollar payments Cointelegraph reported recently a …
Two ransomware gangs reportedly attacked the electronics giant, LG, and Japanese multinational car manufacturer, Mitsubishi. The hackers are now threatening both companies with data leaks. Screenshots posted to the gang’s blog show several files, as well as source code from the attack. No official statement from LG yet As of press time, the electronics giant has not addressed the incident officially. A statement from the ransomware gang alleges that the hackers managed to steal over 40GB of source code from the manufacturer. However, Brett Callow, threat analyst and ransomware expert at malware lab Emsisoft, stated that the alleged proofs don’t …
A new ransomware called CryCryptor is targeting Canadian Android users. It is distributed via multiple websites that pose as portals for a government-backed COVID-19 tracing app. According to research published by ESET on June 24, CryCryptor appeared shortly after Canada's government announced a COVID-19 tracing app that utilizes voluntary information submitted by citizens. Source: ESET Once the victim installs the fake app, the ransomware encrypts all files, leaving a "readme" note with the attacker's email instead of locking the device. For this particular attack, ransom instructions appear to only be distributed via email. An open source ransomware The ransomware’s code …
The REvil ransomware gang says that they will auction over 1TB of data stolen from New York-based entertainment law firm, Grubman Shire Meiselas & Sacks. This data allegedly contains the “dirty” secrets of a number of celebrities. REvil claims that the contents involve sex scandals, drugs, and treachery. Nicki Minaj, LeBron James, and Mariah Carey among the alleged victims In a blog post, the ransomware group says they will begin the auction on July 1, noting that the first round will contain information from Nicki Minaj, Mariah Carey, and LeBron James. The price for each dataset is $600,000. Two days …
The REvil ransomware gang is auctioning off sensitive information, stolen from debit card services provider, Interacard. According to REvil’s website, the information is available in an auction listing published by the group. All prospective bidders are required to pay using Monero (XMR). REvil has previously only auctioned data in cases where their name-and-shame tactics fail to extract payment from a targeted company. That does not appear to be the case this time, however. Hypothesis behind going directly to the auction stage Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft provided some possible reasons behind REvil’s tactics: “In …
A malware group called Evil Corp is reportedly back in action, having recently launched a new ransomware which asks its victims to pay a million dollar ransom. The group had previously gone quiet after the U.S. Department of Justice charged some of its members in December 2019. According to a report published on June 23 by the cybersecurity firm Fox-IT, a division of NCC Group, Evil Corp has been active since 2007 — the group is considered to be one of the biggest cybercrime teams on the internet. They are known for using the Dridex malware and BitPaymet ransomware. U.S. …
Crozer-Keystone Health System recently suffered a ransomware attack by the NetWalker ransomware gang. The gang is now auctioning the system’s stolen data through its darknet website. If it is not purchased at auction within six days, the gang has vowed to leak the data. On June 19, Cointelegraph was able to access the alleged publication. There appeared to be dozens of folders with an undisclosed amount of data, mostly concerning finances, but nothing related to medical records of patients. The gang claims that Crozer-Keystone Health System failed to pay for the ransom they demanded in Bitcoin (BTC). Crozer-Keystone is a …
Another ransomware attack has hit the Australia-based drinks manufacturer, Lion. This is the second attack on the company in less than one week. The cybercriminals behind the attack are threatening to double the ransom amount if Lion does not pay by the specified date. The currency of choice for the particular attack is Monero (XMR). A report published by The Sydney Morning Herald on June 18 said that Lion's staff were informed that the attack had disrupted its IT infrastructure. Initially, REvil has asked for a ransom of $800,000, to be paid in Monero. If Lion fails to send this …
A study by risk solutions provider, Kroll, indicated that a group of hackers from Russia managed to file fraudulent unemployment claims with the Washington State Employment Security Department, or ESD, through a ransomware attack against a healthcare provider in the US. According to research published on June 17, the firm investigated browser history logs that the cybercriminals reportedly navigated to various Gmail accounts. They then activated two profiles on the ESD site using these email addresses. International organized cybercrime groups appearing in the scene The ransomware attack, launched on May 12, is a Mamba category exploit which uses full disk …
Ransomware group REvil has launched another series of attacks targeting three companies in the U.S. and Canada. As of press time, they have leaked data from two of the companies, and threatened to disclose sensitive data from the third. The companies are well-known Canadian accounting firm, Goodman Mintz LLP, licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store. First target of the week: an accounting company The gang kicked-off the week by leaking sensitive data from the Canada-based accounting company, Goodman Mintz LLP. The leak included company files, accounting and working documents of clients, …