Ransomware operators known as the Maze team have been getting media attention for their influence in implementing what is being called a double extortion scheme: attackers gain access to their victim’s network, exfiltrate data, and then lock up the victim’s system with ransomware. They then demand a fee — which may be hundreds of thousands…
Category: Malware
Oil and gas hackers chase bigger pandemic paydays
Christian Vasquez reports: Hackers have leaked hundreds of computer files allegedly stolen from a Houston-based oil and natural gas producer — the latest in a series of ransomware attacks that put a new twist on an old extortion playbook. The hackers behind the “Nefilim” malware say they have stolen over 800 gigabytes of personnel and…
New Ramsay malware can steal sensitive documents from air-gapped networks
Catalin Cimpanu reports: Researchers from cyber-security firm ESET announced today that they discovered a never-before-seen malware framework with advanced capabilities that are rarely seen today. Named Ramsay, ESET says this malware toolkit appears to have been designed to infect air-gapped computers, collect Word and other sensitive documents in a hidden storage container, and then wait…
ZA: Gautrain IT technician illegally installed spyware
Zelda Venter reports: A Gautrain technician has been sentenced to 10 years imprisonment for the unlawful installation of spyware to desktop and laptop computers at the Gautrain Management Agency in Midrand. Information technology technician Obakeng Israel Busang, contracted to Gautrain, was sentenced in the Johannesburg Specialised Commercial Crimes Court following a guilty plea. Read more…
Magellan Health notifies employees whose personal data were exfiltrated in a ransomware attack
Magellan Health is notifying an undisclosed number of employees who information may have been exfiltrated in a ransomware attack. The attack began with a phishing attack on April 6 that impersonated a Magellan client. On April 11, Magellan discovered the breach, and called in Mandiant to investigate. Their investigation revealed that the attackers had exfiltrated…
Maze Team under the spotlight
Maze has seemingly done such a good job getting media attention that we’re also seeing more analyses of their methods. This week, check out this report from FireEye: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents and this report from Sophos: Maze ransomware: extorting victims for 1 year and counting In…