WION reports: The small archipelago of the South Pacific Ocean, Vanuatu, was attacked by ransomware on 4 November, Friday and stranded the country for over a week. According to civil servants in the government, they noticed that their official emails started bouncing back from government addresses, this was the first sign when they found that…
Category: Malware
Alert (AA22-321A) #StopRansomware: Hive Ransomware
CISA has issued an alert about the Hive ransomware group. Summary Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of…
Updating: Michigan school districts reopen after three-day closure due to ransomware attack
Jonathan Greig reports: Public schools in two Michigan counties are reopening on Thursday after a ransomware attack crippled their ability to function and closed doors to students for three days. All of the public schools in Jackson and Hillsdale counties announced their reopening on Thursday in letters to parents, assuring them that cybersecurity experts, tech officials…
TX: Dallas Central Appraisal District Systems Still Down a Week After Ransomware Attack
Jacob Vaughn reports: The website, servers and email for the Dallas Central Appraisal District, or DCAD, have been inaccessible after the entire system was attacked by hackers last week. DCAD, which appraises Dallas County properties for tax purposes, announced early last week on social media that it was the victim of a ransomware attack, and it…
Medibank defends decision to not pay hackers ransom for stolen data as it contacts 480,000 customers
Nassim Khadem and Daniel Ziffer report: Medibank’s boss says the company will begin directly communicating with nearly half a million customers whose health data is believed to have been stolen, weeks after it first became aware hackers had breached its customer database. Medibank’s chief executive David Koczkar said the company had today started communicating with…
Worok hackers hide new malware in PNGs, while ARCrypter ransomware expands reach from Latam to world
Two reports related to malware: Bill Toulas reports: A threat group tracked as ‘Worok’ hides malware within PNG images to infect victims’ machines with information-stealing malware without raising alarms. This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok’s activity in early…