Elizabeth Montalbano reports: REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests. Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to…
Category: Malware
Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside
WASHINGTON – The Department of Justice today announced that it has seized 63.7 bitcoins currently valued at approximately $2.3 million. These funds allegedly represent the proceeds of a May 8 ransom payment to individuals in a group known as DarkSide, which had targeted Colonial Pipeline, resulting in critical infrastructure being taken out of operation. The…
Anti-ransomware biz ExaGrid ‘paid $2.6m ransomware demand’
Chris Mellor reports: Computer storage supplier ExaGrid has attempted to downplay a report that it paid nearly $3m to criminals who infected its corporate network with ransomware. ExaGrid supplies backup disk storage equipment that features so-called retention time-lock technology with immutable deduplication objects. This is supposed to thwart ransomware attacks in which malware infects not just an…
Jp: Fujifilm refuses to pay ransomware demand, restores network from backups
Robert Scammell reports: Japanese multinational conglomerate Fujifilm said it has refused to pay a ransom demand to the cyber gang that attacked its network in Japan last week and is instead relying on backups to restore operations. The company’s computer systems in the US, Europe, the Middle East and Africa are now “fully operational and…
New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions
Lawrence Abrams reports: The new PayloadBIN ransomware has been attributed to the Evil Corp cybercrime gang, rebranding to evade sanctions imposed by the US Treasury Department’s Office of Foreign Assets Control (OFAC). The Evil Corp gang, also known as Indrik Spider and the Dridex gang, started as an affiliate for the ZeuS botnet. Over time,…
Au: NSW Health confirms data breached due to Accellion breach
Asha Barbaschow reports: “Following the NSW government’s advice earlier this year around a world-wide cyber attack that included NSW government agencies, NSW Health is notifying people whose data may have been accessed in the global Accellion cyber attack,” it said in a statement. The state entity said medical records in public hospitals were not affected…