Helen Pidd and Gregory Robinson report: A council in the north-east of England has admitted that it has suffered a cyber-attack that has disabled its IT servers for the past three weeks, leaving it with a steep bill and concerns among residents that their local government infrastructure is “in danger of collapse”. One Redcar and…
Category: Malware
Ryuk Ransomware Attack in Florida Forces Prosecutor to Drop Charges in Drug Cases
Silviu Stahie reports: A ransomware attack against the police department in Stuart, Florida last year had an unexpected consequence; the police officers had to drop several cases after losing important evidence. Read about it on Hot for Security. The story was first reported by WPTV.
Nemty Ransomware Actively Distributed via ‘Love Letter’ Spam
Sergiu Gatlan reports: Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims. The spam campaign was identified by both Malwarebytes and X-Force IRIS researchers and started distributing malicious messages yesterday via a persistent stream of emails. Read…
Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
Daniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker, and Jeremy Kennelly of FireEye write: Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims…
Gadsden ISD has shut down its internet system due to ransomware
KTSM reports: Gadsden Independent School District (GISD) shut down its internet and communication systems, affecting all schools and support service locations, after identifying a virus that may have infected the system yesterday. According to a news release, the disruption has been connected to a virus or ransomware identified as RYUK. Read more on KTSM.
DoppelPaymer Ransomware Launches Site to Post Victim’s Data
First Maze Team did it. Now DoppelPaymer threat actors have followed suit. Lawrence Abrams reports: The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted. Read more on BleepingComputer.