Brian Krebs reports: The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his former alma mater. Paras Jha, a 22-year-old computer…
Category: Malware
TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers
FireEye writes: In a previous blog post we detailed the TRITON intrusion that impacted industrial control systems (ICS) at a critical infrastructure facility. We now track this activity set as TEMP.Veles. In this blog post we provide additional information linking TEMP.Veles and their activity surrounding the TRITON intrusion to a Russian government-owned research institute. FireEye…
Free Decrypter Available for the Latest GandCrab Ransomware Versions
Ionut Ilascu reports: A newly released decryptor allows for the free recovery of files encrypted by some versions of GandCrab, a ransomware family that has affected hundreds of thousands of people since the beginning of the year. The free GandCrab decryption tool will decrypt files encrypted by versions 1, 4 and 5 of the ransomware. These versions…
Cyber attack exposed information for 40,000 patients of Sioux City vision clinic
Mason Doktor reports that Jones Eye Clinic and CJ Elmwood Partners, L.P., an affiliated surgery center, experienced a ransomware attack on the evening of August 22. The attack affected 40,000 patients seen between Jan. 1, 2003 and Aug. 23. The providers were able to restore from backup and did not pay any ransom. Their full notice…
Burned malware returns, says Cylance report: Is Hacking Team responsible?
J. M. Porup reports: Burning malware is like Hercules fighting the nine-headed Hydra. For every head he cuts off, two more grow back in its place. That’s the lesson from a new report by Cylance today, and one both enterprise network defenders—and the public at large—should pay attention to. Cyber mercenaries sell malware to oppressive…
National Ambulatory Hernia Institute notifies almost 16,000 patients of Gamma ransomware attack
On October 5, HHS received a HIPAA breach notification from the National Ambulatory Hernia Institute in California. According to the notification, the incident affected 15,974 patients. A notice prominently displayed on NAHI’s site explains that there was a ransomware incident on September 13. URGENT NOTICE – DATA BREACH SUSPECTED URGENT NOTICE: Our office has experienced a…