Microsoft is doing its bit to help hospitals and care facilities to protect themselves from human-operated ransomware attacks. In a blog post published today, they write, in part: While a wide range of adversaries have been known to exploit vulnerabilities in network devices, more and more human-operated ransomware campaigns are seeing the opportunity and are jumping on…
Category: Malware
REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation
From Intel471’s Malware Intelligence Team: REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725. REvil is highly configurable and allows operators to customize the way it behaves on the infected…
Kwampirs Malware Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries, including Healthcare Sector
The summary from Private Industry Notification #20200330 by the FBI, issued March 30: Since at least 2016, the FBI has observed an Advanced Persistent Threat (APT) actor conduct a global network exploitation campaign using the Kwampirs Remote Access Trojan (RAT) and is providing additional, non-technical information in an effort to highlight key objectives of the…
Medical and military contractor Kimchuk hit by data-stealing DoppelPayme ransomware
Zack Whittaker reports: Kimchuk, a medical and military electronics maker, has been hit by data-stealing ransomware, TechCrunch has learned. The Danbury, Conn.-based manufacturer, which builds electronics for medical equipment, telecoms systems and energy grids, also makes nuclear modules for the Navy, work that often requires security clearance. Read more on TechCrunch.
Three More Ransomware Families Create Sites to Leak Stolen Data
Lawrence Abrams reports that three more ransomware families have adopted the model of using websites to leak victims’ data if they don’t pay extortion demands: Nefilim Ransomware has launched a site called “Corporate Leaks” CLOP Ransomware — the team behind the Maastricht University attack — has also released a leak site called “>_CL0P^_- LEAKS” and…
Never-before-seen attackers are targeting Mideast industrial organizations
Dan Goodin reports: Researchers have unearthed an attack campaign that uses previously unseen malware to target Middle Eastern organizations, some of which are in the industrial sector. Researchers with Kaspersky Lab, the security firm that discovered the campaign, have dubbed it WildPressure. Read more on Ars Technica.