ransomware

Latest

  • benkrut via Getty Images

    Ransomware attack in Texas targets local government agencies

    by Jon Fingas
    08.18.2019

    Ransomware attacks against local governments are still a clear problem, and Texas is discovering this firsthand. The state has revealed that 23 government entities reported a ransomware attack on the morning of August 16th. Most of these were "smaller local governments," the Department of Information Resources said, and State of Texas networks and systems weren't hit.

  • Check Point Research

    Even DSLR cameras are vulnerable to ransomware

    by Steve Dent
    08.12.2019

    Cameras are among the few devices that don't connect to the internet, so you'd think they'd be immune to hackers. However, researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks, of all things. Once in range of your camera's WiFi, a bad actor could easily install malware that would encrypt your valuable photos unless you paid for a key.

  • AFP Contributor via Getty Images

    Local governments are still woefully unprepared to fight ransomware

    by Andrew Tarantola
    07.26.2019

    Our state and local governments found themselves under siege in 2019 from William Plunketts for the internet age. But rather than pistols and roadblocks, this new generation of bandits comes armed with encryption algorithms and demands for bitcoin. Can today's American cities and counties, long hamstrung by both a lack of interest and funding for cybersecurity efforts, ever hope to withstand these digital muggings? Just ask Lake City, Florida.

  • ASSOCIATED PRESS

    US Treasury has 'serious concerns' Libra could be used for terrorism

    by Christine Fisher
    07.15.2019

    The US government views cryptocurrencies, including Facebook-backed Libra, as a national security issue. In a press conference today, Treasury Secretary Steven Mnuchin said the Treasury Department has "very serious concerns" that Libra could be misused by money launderers, terrorist financiers and other bad players. While the concerns are not entirely surprising, they do make the US government's stance on cryptocurrency more than clear.

  • Tony Deluca Iii / EyeEm via Getty Images

    Baltimore ransomware attack will cost the city over $18 million

    by Georgina Torbet
    06.06.2019

    Fresh off dealing with chaos caused by last month's ransomware attack, the city of Baltimore has a new problem to deal with -- the $18 million in damages that came with it.

  • REUTERS/Stephanie Keith

    Ransomware attacks in US cities are using a stolen NSA tool

    by Jon Fingas
    05.25.2019

    The ransomware attacks in Baltimore and other US cities appear to have a common thread: they're using NSA tools on the agency's home soil. In-the-know security experts talking to the New York Times said the malware in the cyberattacks is using the NSA's stolen EternalBlue as a "key component," much like WannaCry and NotPetya. While the full list of affected cities isn't available, San Antonio and the Pennsylvania city of Allentown have reportedly been victims of EternalBlue-based campaigns.

  • Reuters/Bobby Yip

    Old versions of Windows get a new patch to stop WannaCry-style attacks

    by Jon Fingas
    05.14.2019

    Microsoft is trying to head off another WannaCry-style malware outbreak before it starts. The software giant has released fixes for a Remote Desktop Services (aka Terminal Services) vulnerability that could allow "wormable" malware that spreads from computer to computer without requiring any user input. The exploit affects Windows 7, Windows Server 2008 R2 and older releases. Not surprisingly, Microsoft isn't taking any chances. While it's no longer officially supporting Windows XP and Windows Server 2003, it's patching both platforms to prevent ancient PCs (like those used in some business and government scenarios) from falling prey to attacks.

  • Alex Wroblewski via Getty Images

    A ransomware attack is holding Baltimore's networks hostage

    by Christine Fisher
    05.08.2019

    A ransomware attack brought Baltimore city government's computers to a halt yesterday. The hackers are reportedly holding the city's files hostage, demanding up to 13 Bitcoins (about $76,280) to free the city's systems. As of this afternoon, the city has quarantined the ransomware, the Baltimore Sun reports. But, in a press conference, the city said it is not sure when all of the systems will be functioning again.

  • AP Images

    Ransomware interrupted a 'The Weather Channel' morning show

    by Mariella Moon
    04.18.2019

    On Thursday morning, from 6AM to 7:39AM, viewers weren't able to learn any useful weather information from The Weather Channel. The TV network had to show a taped program instead of airing its morning show AMHQ, because it suffered a security breach that took it off air. In a Twitter post, the company explained that it experienced issues due to a "malicious software attack" and that it was only able to restore live broadcast through backup mechanisms.

  • solarseven via Getty Images

    Ryuk ransomware banks $3.7 million in five months

    by Jon Fingas
    01.14.2019

    The Ryuk ransomware hasn't just been causing grief for newspapers -- it's also quite lucrative for its operators. Researchers at CrowdStrike and FireEye both estimate that the code has produced the equivalent of $3.7 million in bitcoin since August, spread across 52 payments. The key, analysts note, is the willingness to be patient and focus on big targets.

  • AP Photo/Richard Vogel

    Malware stalls delivery of LA Times and other major US newspapers

    by Jon Fingas
    12.30.2018

    If you still look forward to reading a physical newspaper now and then, you might have been in for a rude surprise this weekend. An unspecified malware strain has attacked Tribune Publishing's network, delaying the release of Saturday editions of at least some of its papers (including the LA Times, San Diego Union Tribune and South Florida Sun Sentinel) as well as West Coast versions of the New York Times and Wall Street Journal, both of which are printed at the LA Times' Los Angeles plant. It was particularly severe for San Diego residents -- between 85 and 90 percent of Saturday papers didn't reach customers.

  • ASSOCIATED PRESS

    US charges Iranian hackers over $30 million ransomware spree

    by Jon Fingas
    11.28.2018

    The US is attempting to hold the creators of the infamous SamSam ransomware to account. A federal grand jury has revealed indictments against two Iranian men, Mohammad Mansouri and Faramarz Savandi, for allegedly authoring and wielding SamSam to extort money from a wide range of North American targets, including multiple hospitals, health care companies, state agencies and the city of Atlanta. They've successfully collected $6 million in ransoms so far, according to the Justice Department, and have created over $30 million in losses.

  • Getty Images/iStockphoto

    Kelihos botnet operator pleads guilty to hacking and fraud charges

    by Jon Fingas
    09.13.2018

    The Kelihos botnet story appears to be winding to a close. Russian Peter Levashov has pleaded guilty to charges relating to his operation of the botnet, including intentional damage to a computer, wire fraud, conspiracy and identity theft. He reportedly used Kelihos to spread spam email, collect login details, install ransomware and otherwise attack users' computers, including selling access to the botnet.

  • Farmington City Council

    A single ransomware creator made almost $6 million

    by Rachel England
    08.01.2018

    The SamSam ransomware, which throttled the city government of Atlanta earlier this year, netted its creators more than $5.9 million in ransom payments, according to a comprehensive report by UK cybersecurity firm Sophos. The report, which details SamSam's activity since its launch in 2015, also reveals that a lone black hat hacker could've raked in the entire haul by themselves.

  • Tami Chappell/AFP/Getty Images

    Atlanta ransomware attack may cost another $9.5 million to fix

    by Jon Fingas
    06.06.2018

    The effects of the "SamSam" ransomware attack against Atlanta's government were much worse than it seemed at first glance. To start, city Information Management head Daphney Rackley revealed at a meeting that more than a third of Atlanta's 424 necessary programs were knocked offline or partly disabled, and close to 30 percent of those affected apps were "mission critical" -- that is, vital elements like the court system and police. The government initially reckoned that essential programs were safe.

  • SeanPavonePhoto via Getty Images

    Atlanta spends more than $2 million to recover from ransomware attack

    by Mallory Locklear
    04.23.2018

    Last month, Atlanta's city government was hit with a ransomware attack that caused courthouse documents and services like payment processing to become inaccessible. The ransom demand was approximately $51,000 but according to the city's Department of Procurement, Atlanta has spent much more than that on efforts to rectify the situation. It appears that firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services while Edelman was paid $50,000 for crisis communication services. Overall, the funds seemingly applied to the ransomware attack response add up to approximately $2.7 million.

  • Alwyn Scott / Reuters

    Boeing: Reports of WannaCry outbreak 'overstated and inaccurate'

    by Richard Lawler
    03.28.2018

    This afternoon a report by the Seattle Times cited internal messages showing that aircraft builder Boeing had been hit by the WannaCry ransomware and there were fears it could affect production. Boeing VP Linda Mills tells Engadget in a statement that its network security "detected a limited intrusion of malware that affected a small number of systems," and it shouldn't affect deliveries. Issues with ransomware have not tailed off since last year's worldwide outbreak of WannaCry/NotPetya, and the city of Atlanta's government is still recovering after "SamSam" ransomware locked down some systems last week. Even if this occurrence is as controllable as Boeing believes, it's surely not the last time we'll hear about a large organization suddenly locked out of its own computers.

  • glegorly via Getty Images

    Atlanta government computers hit by ransomware

    by Richard Lawler
    03.23.2018

    The latest victim affected by ransomware is the city government of Atlanta, GA. The ninth-largest metro area in the US isn't able to do things like process payments or provide access to courthouse information because some systems are locked down. During a press conference, mayor Keisha Bottoms and newly-appointed COO Richard Cox said that they're working with the FBI, DHS, Microsoft and Cisco to find out what data has potentially been compromised. The local NBC affiliate reports a ransom note included with the SamSam ransomware is demanding about $51,000 in bitcoin to restore the systems. If it is SamSam, it's part of a family of malware that has been active against many government and healthcare systems since late 2015. In January, Talos noted that its makers had already netted over $325,000 in ransom sent to one bitcoin wallet. This particular attack isn't spreading on the level of 2017's NotPetya/WannaCry, but its apparent ability to target critical systems where the owners are likely to pay makes it even more troublesome, spreading first through vulnerable servers and then onto Windows desktops. The Atlanta government said it will be open for business in the morning, and that infrastructure like public safety, water and the airport are unaffected.

  • Donat Sorokin via Getty Images

    Russia denies UK claim it was behind NotPetya cyberattack

    by Rachel England
    02.15.2018

    The UK government says that Russia is to blame for the destructive NotPetya cyberattack that scrambled major infrastructure around the world in June 2017, costing firms millions. Foreign Office minister Lord Ahmad said that while the attack masqueraded as a criminal enterprise, its purpose was "principally to disrupt" Russia's primary target, Ukraine, and that the Russian military was "almost certainly" behind the attack.

  • shutterstock

    A major bug is forcing Microsoft to rebuild Skype for Windows

    by Rachel England
    02.14.2018

    Skype has fallen afoul of a security flaw that can allow attackers to gain system-level privileges to vulnerable computers, Microsoft has confirmed. However, the company won't immediately fix the issue because doing so would require a complete code overhaul. The bug was discovered by security researcher Stefan Kanthak, who says the Skype update can be tricked into loading malicious code instead of the right library. An attacker would simply need to put a fake DLL into a user-accessible temporary folder, with the name of an existing DLL that could be modified by anyone without system privileges. Anyone trying to hijack your PC would need access to your file system obviously, but according to Kanthak, once system access is granted, an attacker "can do anything". However, the hacker would require physical access to the computer to do this.