Lawrence Abrams reports: The DoppelPaymer Ransomware is the latest family threatening to sell or publish a victim’s stolen files if they do not pay a ransom demand. A new tactic being used by ransomware operators that perform network-wide encryption is to steal a victim’s files before encrypting any devices. They then threaten to publish or sell this…
New ransomware doesn’t just encrypt data. It also meddles with critical infrastructure
Dan Goodin reports on yet another sinister development involving ransomware attacks and strains: A ransomware strain discovered last month and dubbed Ekans contains the usual routines for disabling data backups and mass-encrypting files on infected systems. But researchers at security firm Dragos found something else that has the potential to be more disruptive: code that…
Genesis market 2020 overview, a bazaar for buying data out of compromised computers.
Under The Breach explains: A group of sophisticated hackers team up to sell the data of computers they managed to infect. The site began operating around the beginning of 2019 and only let users with an invitation code join (it maintains this exclusivity until today). To find a person who has invitation codes is…
More Maze Team victims are revealed
A few developments concerning ransomware attacks by Maze Team: Crossroads Technologies notifies a covered entity about ransomware attack. I think I finally have some information on the Crossroads attack claimed by Maze Team on their site. So far, no one — not Crossroads Technologies and not CrossroadsNet — has answered my repeated inquiries, despite the fact…
Fondren Orthopedic Group notifies patients after malware incident destroyed patient records
Fondren Orthopedic Group in Texas is notifying patients of Dr. K. Matthew Warnock of a malware incident on November 21, 2019. The attack corrupted and permanently damaged some patients’ records, but there was no evidence that any other records were accessed and copied or exfiltrated. According to their notice to HHS, they are notifying 30,049…
Winnti Group targeting universities in Hong Kong
Mathieu Tartare writes: In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and embedding numerous modules. The Winnti malware was also found at these universities a few weeks…