Security News

A new Sugar Ransomware operation actively targets individual computers, rather than corporate networks, with low ransom demands. Unlike most ransomware operations you read about in the news, Sugar does not appear to be targeting corporate networks but rather individual devices, likely belonging to consumers or small businesses.

One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply.

Nordic Choice Hotels has now confirmed a cyber attack on its systems from the Conti ransomware group. Earlier this week, Nordic Choice Hotels group announced its IT systems were hit by a "computer virus" on Thursday, December 2nd. The incident left the hotel staff without access to the hotel's reservation systems that manage check-in, check-out, payments, and bookings.

The US Federal Bureau of Investigation says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year. The ransomware gang's loader of choice, Hancitor, was the culprit, distributed via phishing emails, via exploitation of Microsoft Exchange vulnerabilities, compromised credentials, or Remote Desktop Protocol tools.

The MosesStaff hacking group is aiming politically motivated, destructive attacks at Israeli targets, looking to inflict the most damage possible, researchers warned. Unlike other anti-Zionist hacktivists like the Pay2Key and BlackShadow gangs, which look to extort their victims and cause embarrassment, MosesStaff encrypts networks and steals information, with no intention of demanding a ransom or rectifying the damage.

Cryptomixers have always been at the epicenter of cybercrime activity, allowing hackers to "clean" cryptocurrency stolen from victims and making it hard for law enforcement to track them. Mixers allow threat actors to deposit illicitly obtained cryptocurrency and then mix it in a large pool of "random" transactions.

"Ransomware payments in the U.S. have totaled more than $1 billion since 2020. Most notably, this past May, a Russian ransomware attack forced Colonial Pipeline to shut down oil supplies to the eastern United States before the company paid hackers. As disruptive as this hack was, it pales in comparison to what would happen if America's critical financial infrastructure were to be taken offline," he said. "That's why I'm introducing the Ransomware and Financial Stability Act of 2021. This bill will help deter, deny and track down hackers who threaten the financial institutions that make the day-to-day economic activity possible. The legislation will also provide long-overdue clarity for financial institutions that look to Congress for rules of the road as ransomware hacks intensify."

The DOJ said that the money was traced back to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who's also been charged with REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about Aug. 16, 2019. Romanian authorities arrested two suspected REvil operators whom they suspect are behind 5,000 infections and who've allegedly pocketed half a million euros in ransom payments.

Electronics retail giant MediaMarkt has suffered a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany. MediaMarkt suffered the ransomware attack late Sunday evening into Monday morning; it encrypted servers and workstations and led to the shutdown of IT systems to prevent the attack's spread. BleepingComputer has learned that the attack affected numerous retail stores throughout Europe, primarily those in the Netherlands.

Attackers will vow to publicly release the stolen data, try to delete any backups and even deploy DDoS attacks to convince victims to give in to the ransom demands, says Sophos. A new report from security firm Sophos looks at 10 ways attackers pressure organizations to pay the demanded ransom.