Molly Smith reports: Records of a ransomware attack on the Hidalgo County Sheriff’s Office are nonexistent, leaving few details available with the exception of an investigator’s testimony during a recent trial. HCSO investigator Marco Antonio Mandujano lost data obtained from an early 2017 dump of a sexual assault victim’s cellphone because the computer on which…
Category: Malware
GandCrab ransomware crew loses $1Mil after Bitdefender releases free decrypter
Score one for the good guys. Catalin Cimpanu reports: Bitdefender believes the criminal group behind the GandCrab ransomware has lost an estimated $1 million in ransom payments after the company released a free decryption utility for GandCrab victims last week. The Romanian antivirus maker says that at least 1,700 GandCrab victims were able to successfully…
Civil servant who watched porn at work blamed for infecting a US government network with malware
Zack Whittaker reports: A U.S. government network was infected with malware thanks to one employee’s “extensive history” of watching porn on his work computer, investigators have found. The audit, carried out by the U.S. Department of the Interior’s inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging…
Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks
Brian Krebs reports: The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his former alma mater. Paras Jha, a 22-year-old computer…
TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers
FireEye writes: In a previous blog post we detailed the TRITON intrusion that impacted industrial control systems (ICS) at a critical infrastructure facility. We now track this activity set as TEMP.Veles. In this blog post we provide additional information linking TEMP.Veles and their activity surrounding the TRITON intrusion to a Russian government-owned research institute. FireEye…
Free Decrypter Available for the Latest GandCrab Ransomware Versions
Ionut Ilascu reports: A newly released decryptor allows for the free recovery of files encrypted by some versions of GandCrab, a ransomware family that has affected hundreds of thousands of people since the beginning of the year. The free GandCrab decryption tool will decrypt files encrypted by versions 1, 4 and 5 of the ransomware. These versions…