From The DFIR Report: The Ryuk group went from an email to domain wide ransomware in 29 hours and asked for over $6 million to unlock our systems. They used tools such as Cobalt Strike, AdFind, WMI, vsftpd, PowerShell, PowerView, and Rubeus to accomplish their objective. Ryuk has been one of the most proficient ransomware…
Category: Malware
Software AG falls prey to ransomware attack
Earlier this week, Catalin Cimpanu reported that Software AG, one of the largest software companies in the world, has suffered a ransomware attack over the last weekend, and the company has not yet fully recovered from the incident. A ransomware gang going by the name of “Clop” has breached the company’s internal network on Saturday, October…
Hackers Share Fairfax County Schools Employees’ SSNs Online
Yesterday, Drew Wilder reported an update to the Fairfax County Public School ransomware incident previously noted on this site: Hackers are sharing more private information after hacking a Virginia public school system’s computer system. Several hundred Fairfax County Public Schools employees’ names and Social Security numbers are now floating around the dark web. That was…
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work
Brian Krebs reports: There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of…
Massachusetts school district shut down by ransomware attack
Lawrence Abrams reports: The Springfield Public Schools district in Massachusetts has become the victim of a ransomware attack that has caused the closure of schools while they investigate the cyberattack. Springfield is the third largest school district in Massachusetts with over 25,000 students, 4,500 employees, and more than sixty schools. Due to the COVID-19 pandemic,…
Hall County, Georgia reports ransomware attack
Hall County first posted a notice about a ransomware attack on October 7. Since then, they have posted updates on their site, including the restoration of their phone services. Nothing has been revealed about who the attackers might be or what any ransom demand might have been. Thanks to @Chum1ng0 for submitting this link.