Tag Archive : ransomware

At its rudimentary stage, online extortion was all about bluff and did not use cryptography at all. It hinged upon screen lockers stating that the FBI caught users violating copyright or distributing NSFW content. Victims were instructed to pay a fine via a prepaid service such as MoneyPak or Ukash.

Things have changed dramatically over time. Ransomware operators rethought the range of their intended victims, switching to the enterprise as juicier prey than individuals. In recent years, they also added a data leak strategy and DDoS threats to their repertoire. As a result, online extortion has matured into one of today’s most detrimental cybersecurity perils.

Ransomware went pro in 2013

The first mainstream file-encrypting ransom Trojan, called CryptoLocker, made its debut in September 2013. It used an asymmetric 2048-bit RSA cipher

Read More

A major German enterprise software company has become the latest tech name to suffer a likely ransomware attack featuring information theft.

IoT specialist Software AG, which claims to have over 10,000 customers and annual revenue exceeding €800m, revealed the news in a brief update late last week.

The note claimed the attack had been ongoing since Monday and had yet to be fully contained.

“Today, Software AG has obtained first evidence that data was downloaded from Software AG’s servers and employee notebooks. There are still no indications for services to the customers, including the cloud-based services, being disrupted. The company is refining its operations and internal processes continuously,” it explained on October 8.

“Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as

Read More

German tech giant Software AG has been hit by a ransomware attack that caused the company to suspend services.

The attack occurred Oct. 3 and has been attributed to Clop ransomware. As is typical in a ransomware attack in 2020, the company’s files were encrypted and those behind the attack demanded a ransom payment of about $20 million or they would publish internal company data.

Software AG did not pay the ransom and, according to a report on ZDNet Friday, those behind the attack have started to publish internal company information. In one screenshot, the personal details of Software AG Chief Executive Officer Sanjay Brahmawar were published, including a scan of his passport.

The company formally disclosed the ransomware attack in a statement Oct. 5, describing it as a “malware attack.” Although its current recovery status is unknown, for now the company has as its lead story on its website

Read More

Software AG, one of the largest software companies in the world, has suffered a ransomware attack over the last weekend, and the company has not yet fully recovered from the incident.

A ransomware gang going by the name of “Clop” breached the company’s internal network on Saturday, October 3, encrypted files, and asked for more than $20 million to provide the decryption key.

Earlier today, after negotiations failed, the Clop gang published screenshots of the company’s data on a website the hackers operate on the dark web (a so-called leak site).

The screenshots show employee passport and ID scans, employee emails, financial documents, and directories from the company’s internal network.

Software AG disclosed the incident on Monday when it revealed it was facing disruptions on its internal network “due to [a] malware attack.”

The company said that services to customers, including its cloud-based services,

Read More

Clinical trials into a COVID-19 vaccine as well as research into other diseases have been delayed following a ransomware attack on a company that provides software to medical firms.

First reported Saturday by The New York Times, the attack targeted eResearchTechnology Inc., a Philadelphia-based company that specializes in clinical software. The attack is said to have been detected two weeks ago when employees discovered they were locked out of their data by ransomware.

As a result of the ransomware attack, companies using ERT’s software were also affected. Among those were IQVIA Inc., a research organization helping manage AstraZeneca plc’s coronavirus vaccine trial, and Bristol Myers Squibb Co., a drug company leading a consortium of companies developing a quick COVID-19 test.

Clinical trial patients were not affected, but researchers were forced to resort to pen and paper to track patients.

How many companies and health organizations have been affected is unknown.

Read More

Northern California’s Cache Creek Casino Resort, which has been shut down since Sept. 20 because of what it called a “systems infrastructure failure,” confirmed Wednesday that its computer systems were the target of an outside attack and that the incident is under investigation.

“While our investigation is ongoing, we have confirmed the cause was an external attack on our computer network,” the Yocha Dehe Wintun Nation, owners of the casino, said in response to questions from The Sacramento Bee. “The privacy of our guests and employees is our highest priority and we want to make certain they have some peace-of-mind.

“We are working closely with independent experts who regularly investigate incidents of this type to determine any risks to data security. Attacks like these are significant and can take weeks to research thoroughly.

“If it is determined the personal information of guests or employees was exposed, we will notify affected

Read More

Computers at Universal Health Services facilities — which has more than 400 locations, primarily in the U.S. — began to shut down over the weekend in what is described as one of the largest medical cyberattacks ever.


NBC News:
Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History


A major hospital chain has been hit by what appears to be one of the largest medical cyberattacks in United States history. Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend, and some hospitals have had to resort to filing patient information with pen and paper, according to multiple people familiar with the situation. (Collier, 9/28)

Read More

A cybercriminal has published private data belonging to thousands of students following a failed attempt to extort a ransomware payment from a Nevada school district.

Ransomware is a form of malware that can have a devastating impact on businesses and individuals alike. 

Once a ransomware package has landed and executed on a vulnerable system, files are usually encrypted, access to core systems and networks is revoked, and a landing page is thrown up demanding a payment — usually in cryptocurrencies such as Bitcoin (BTC) or Monero (XMR) in return for a decryption key — which may or may not work.   

Ransomware operators target organizations across every sector in the hopes that the fear of disrupting core operations will pressure victims into paying up. It may not be a valid legal expense, but for

Read More



TORONTO – A shadowy group of cyber criminals that attacked a prominent nursing organization and Canadian Tire store has successfully targeted other companies with clients in governments, health care, insurance and other sectors.

Posts on their NetWalker “blog” indicate the recent infiltration of cloud-services company Accreon and document company Xpertdoc, although only the College of Nurses of Ontario has publicly acknowledged being victimized.

Experts say NetWalker surfaced about a year ago but its attacks took off in March as the criminals exploited fears of COVID and people working remotely. The ransomware, like similar malware, often infiltrates computer networks via phishing emails. Such messages masquerade as genuine, prompting users to provide log-in information or inadvertently download malware.

Earlier ransomware attacks focused on encrypting a target’s files — putting them and even backups out of reach. Increasingly, attackers also threaten to publish data stolen during their “dwell time,” the days or weeks

Read More