Sergiu Gatlan reports: The FBI issued a second warning this week to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims’ systems. The 20200901-001 Private Industry Notification seen by BleepingComputer on September 1st comes after the MI-000125-MW Flash Alert on the same subject issued by the FBI four months ago, on…
Ransomware Attacks During COVID-19
Michael Buchanan and Andrew Willinger of Patterson Belknap have a post about ransomware attacks on entities involved in COVID-19 research or work on vaccines for it. In their piece, they point to a number of attacks that have been previously covered on this blog, starting with the Maze team attack on Hammersmith Medicines Research in…
Update to Haywood County Schools ransomware attack
There’s an update to the Haywood County Schools ransomware attack previously noted on this site. Lawrence Abrams reports that it was SunCrypt ransomware that was used in the attack, and although the district resumed remote learning on August 31, some school services remain impacted. As part of the double extortion and leak site model that…
AU: Hackers foiled in attempt to steal $90,000 from church abuse survivor in email compromise scam
Airlie Ward reports on yet another case where hackers try to intercept/scam home buyers by posing as their real estate brokers or lawyers and having them wire money to them. In this case, the home buyer was the victim of child sexual abuse by the church, and was using the settlement to buy a home,…
Cyber attack on Lugar Laboratory in Georgia – important information stolen
JAM News reports: A cyber attack has been carried out on the Georgian Ministry of Health and the Lugar laboratory. The Ministry of Internal Affairs says the cyberattack was executed on the territory of a neighboring country. Some of the stolen documents have been uploaded to a foreign website and are available to the general public. The…
No Rest For The Wicked: Evilnum Unleashes PyVil RAT
Research by: Tom Fakterman. Over the course of the last few months, the Cybereason Nocturnus team has been investigating the activity of the Evilnum group. The group first emerged in 2018, and since then, Evilnum’s activity has been varied, with recent reports using different components written in JavaScript and C# as well as tools bought from the Malware-as-a-Service provider Golden Chickens. The group’s…