I honestly cannot think of a more ironic name for a blog than the Sodinokibi (REvil) ransomware operators calling their website “Happy Blog.” Reading their updates today, they certainly didn’t seem happy, especially with Coveware, a firm that has assisted numerous ransomware victims. The firm’s services include helping negotiate ransom amounts and payment. But something…
Category: Malware
AKO ransomware operators put some hurt on pain management doctors
Ransomware operators known as the Maze team have been getting media attention for their influence in implementing what is being called a double extortion scheme: attackers gain access to their victim’s network, exfiltrate data, and then lock up the victim’s system with ransomware. They then demand a fee — which may be hundreds of thousands…
Oil and gas hackers chase bigger pandemic paydays
Christian Vasquez reports: Hackers have leaked hundreds of computer files allegedly stolen from a Houston-based oil and natural gas producer — the latest in a series of ransomware attacks that put a new twist on an old extortion playbook. The hackers behind the “Nefilim” malware say they have stolen over 800 gigabytes of personnel and…
New Ramsay malware can steal sensitive documents from air-gapped networks
Catalin Cimpanu reports: Researchers from cyber-security firm ESET announced today that they discovered a never-before-seen malware framework with advanced capabilities that are rarely seen today. Named Ramsay, ESET says this malware toolkit appears to have been designed to infect air-gapped computers, collect Word and other sensitive documents in a hidden storage container, and then wait…
ZA: Gautrain IT technician illegally installed spyware
Zelda Venter reports: A Gautrain technician has been sentenced to 10 years imprisonment for the unlawful installation of spyware to desktop and laptop computers at the Gautrain Management Agency in Midrand. Information technology technician Obakeng Israel Busang, contracted to Gautrain, was sentenced in the Johannesburg Specialised Commercial Crimes Court following a guilty plea.
Magellan Health notifies employees whose personal data were exfiltrated in a ransomware attack
Magellan Health is notifying an undisclosed number of employees whose information may have been exfiltrated in a ransomware attack. The attack began with a phishing attack on April 6 that impersonated a Magellan client. On April 11, Magellan discovered the breach, and called in Mandiant to investigate. Their investigation revealed that the attackers had exfiltrated…