Dennis Fisher writes: The Russian attack group responsible for distributing the Dridex malware and BitPaymer ransomware and was the target of sanctions from the Department of Justice last year has reemerged with a new strain of ransomware called WastedLocker and an updated distribution framework to install it on victims’ machines. […] The new variant does…
Category: Malware
Ryuk ransomware deployed two weeks after Trickbot infection
Ionut Ilascu reports: Researchers at SetinelOne have detailed the activity observed from logs on a Cobalt Strike server that TrickBot used to profile networks and systems. Once the actor took interest in a compromised network, they used modules from Cobalt Strike threat emulation software for red teams and penetration testers. One component is the DACheck script to check…
Phishing attacks impersonate QuickBooks invoices ahead of July 15 tax deadline
Heads up! Lance Whitney describes the type of campaign CEOs and employees need to remain vigilant about: The campaign analyzed was aimed at a cutting-edge technology company, a tempting target for cybercriminals looking for maximum profits. In the first wave, the cybercriminals spoofed QuickBooks, a product commonly being used in advance of the July 15…
Nefilim Ransomware Gang Tied to Citrix Gateway Hacks
Mathew Schwartz reports: A crime gang seeking “ransomware attack opportunities” is targeting organizations that use unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware and using the threat of exfiltrated data being publicly dumped to try to force payment, New Zealand’s national computer emergency response team warns. In an alert issued…
Florida Orthopedic Institute hit by ransomware
Florida Orthopedic Institute has notified the California Attorney General’s Office of a ransomware attack on April 6. Their notification does not indicate what type of ransomware was involved, or whether they paid any ransom. They are offering their patients identity monitoring services with Kroll, but note that they have no evidence that any patient data…
AL: Tallapoosa County recovers from ransomware attack
Cliff Williams reports: Operations are slowly returning to normal after a weekend ransomware attack on servers at the Tallapoosa County Probate Office. Tallapoosa County probate Judge Talmadge East said no data or personal information was compromised in the Sunday morning attack and servers are allowing new business to be conducted. Read more on The Outlook.