Security News

Australian health insurer Medibank - which spent October discovering a security incident was worse than it first thought - has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers. "Based on the extensive advice we have received from cyber crime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," CEO David Koczkar stated in a stock market filing published on Monday.

A new version of the Fodcha DDoS botnet has emerged, featuring ransom demands injected into packets and new features to evade detection of its infrastructure. The most notable improvement in this botnet version is the delivery of ransom demands directly within DDoS packets used against victims' networks.

Researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations' encryptors. The samples analyzed by Unit 42 show that Ransom Cartel is missing some configuration values, meaning that the authors are either trying to make the malware leaner or that their basis is an earlier version of the REvil malware.

Now Unit 42 says Ransom Cartel shares some similarities with the notorious REvil ransomware-as-a-service gang. The researchers aren't making that leap, but they believe that at one time those cybercriminals behind Ransom Cartel had made contact with their REvil counterparts, maybe as affiliates or in some other position.

Does that mean REvil - which was behind the high-profile attack on Colonial Pipeline last year and essentially went dark just months before Ransom Cartel came to the surface - morphed into the new group and is just continuing with its nefarious ways under a new name? "Based on the fact that the Ransom Cartel operators clearly have access to the original REvil ransomware source code, yet likely do not possess the obfuscation engine used to encrypt strings and hide API calls, we speculate that the operators of Ransom Cartel had a relationship with the REvil group at one point, before starting their own operation," Unit 42 researchers Amer Elsad and Daniel Bunce write in a recent report.

New research from Databarracks reveals that 44% of organizations that suffered a ransomware attack paid the ransom. 34% recovered from backups, while 22% used ransomware decryption tools. The findings...

Damart, a French clothing company with over 130 stores across the world, is being extorted for $2 million after a cyberattack from the Hive ransomware gang. A report from Valéry Marchive, who was able to retrieve a leaked ransom note and published details on LeMagIT, notes that the hackers are not willing to negotiate and expect parent company Damartex to pay the full ransom.

Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that has continued since the last quarter of 2021. Ransomware remediation firm Coveware has published a report today with ransomware data from the second quarter of 2022 showing that although the average payment increased, the median value recorded a significant drop.

The No More Ransom project celebrates its sixth anniversary today after helping millions of ransomware victims recover their files for free. "Six years later, No More Ransom offers 136 free tools for 165 ransomware variants, including Gandcrab, REvil/Sodinokibi, Maze/Egregor/Sekhmet and more," Europol said Tuesday.

Maastricht University, a Dutch university with more than 22,000 students, said last week that it had recovered the ransom paid after a ransomware attack that hit its network in December 2019. One week later, on December 30, the university decided to pay the ransom to have its files decrypted after deciding that rebuilding all infected systems from scratch or creating a decryptor were not viable options.