Bill Toulas reports: The new ‘AXLocker’ ransomware family is not only encrypting victims’ files and demanding a ransom payment but also stealing the Discord accounts of infected users. When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer. This token can then be used…
Category: Commentaries and Analyses
Pointer: SuspectFile interviews Venus ransomware group
Over on SuspectFile, Marco A. De Felice has written up an interview with Venus, a relatively new group in the ransomware landscape. You can read the interview here in both English and Italian. I found Venus’s answers to be a bit confusing at times, but some things do become clear from the interview — they…
AirAsia victim of ransomware attack, passenger and employee data acquired
AirAsia Group* pledges to be responsible when gathering personal information and to protect privacy “in every possible way.” That’s not a contract, mind you, but just an expression of their commitment. On November 11 and 12, AirAsia Group fell victim to a ransomware attack by Daixin Team. The threat actors, who were the topic of…
Have ransomware-type cyberattacks really decreased in 2022?
Marco A. De Felice writes: According to various reports drawn up by analysts and journalists in the information security sector, ransomware-type attacks would be in sharp decline in 2022. A statement that we find in total disagreement. For SuspectFile, the number of victims in all sectors is instead comparable to those experienced in the previous…
Transparency International blasts Malaysian govt for apathetic reaction to data leaks
MalaysiaKini reports: Transparency International Malaysia (TI-M) has expressed deep concern over the recurring pattern of data leaks from Malaysian government agencies that are empowered and entrusted with personal data. “Media reports last week revealed that data from the voting portal MySPR was publicly on sale on the internet. It was also reported that the caretaker…
Disneyland Malware Team: It’s a Puny World After All
Brian Krebs reports: A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The Disneyland Team uses common misspellings for top bank brands in its domains….