Security News
First, the crooks steal a trove of company files that they threaten to make public or to sell on to other crooks; then they scramble the data files on all the company's computers in order to bring business to a halt. Recent reports include an attack on fitness tracking company Garmin, which was allegedly blackmailed for $10m and did pay up, though apparently after wangling the amount down into the "Multi-million" range; and on business travel company CWT, which faced a similar seven-figure demand and ended up handing over $4.5m to the criminals to get its business back on the rails.
Barracuda Networks' analysis of ransomware attacks over the past 12 months found that local municipal governments continue to be the preferred target, the amount of ransom demanded is on the rise, and more people are paying out. Municipal governments were subject to 45% of ransomware attacks in the past 12 months, and the other two leading sectors were healthcare with 22% and education with 15%. Corporations, which made up 27% of ransomware targets in the previous year, dropped to just 14% of targets.
There are three additional, sometimes overlooked sources of early warning clues of ransomware and breaches that I have seen yield more direct, actionable insights in my years as an incident response leader. Ransomware attacks are a great example: a company typically calls in incident response once an attacker has detonated their ransomware payload and taken infected machines hostage.
While the ransomware was previously used by advanced persistent threat actors, its source code surfaced in March 2020, making it available to a wider breadth of attackers. "The fact Dharma source code has been made widely available led to the increase in the number of operators deploying it," Oleg Skulkin, senior digital forensics specialist with Group-IB, said in an analysis of the attacks posted Monday.
Recent Dharma ransomware attacks show that more Iranian hackers have started to engage in financially-motivated operations, threat hunting firm Group-IB reports. In a report published on Monday, Group-IB revealed that Dharma ransomware attacks observed in June this year were the work of a newly discovered Iranian hacker group, and that organizations in China, India, Japan, and Russia were targeted.
It has not been a good week for major Canadian shipping company Canpar Express. Here's what Canpar Express had to say on the matter: "On 19th Aug 2020 Canpar Express was the target of a ransomware attack that impacted some of our systems. We continue to meet most customer shipping needs and we are not aware of any misuse of client information."
The University of Utah has admitted to handing over a six-figure pile of cash to scumbags to undo a ransomware infection during which student and staff information was stolen by hackers. "After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker," University of Utah says.
The University of Utah coughed up a $457,000 ransom payment after a ransomware attack hit the university's servers, impacting undisclosed student- and faculty-related data. The university sought to downplay the attack's impact, stressing that no central university IT systems were compromised, and that only 0.02 percent of the data on the compromised servers was affected by the attack.
The University of Utah on Thursday revealed that it paid approximately $457,000 to ransomware operators after servers in its College of Social and Behavioral Science were compromised. The attack did not affect central university IT systems.
A UK cloud-based warehouse management software provider was struck by ransomware earlier this week. Emails from SnapFulfil, a trading name of Synergy Logistics, sent to its customers late last week and shown to The Register, revealed how a ransomware attack targeted the company's services, disrupting warehouse operations for at least one of its customers.