Security News
The developers of the Mac malware named ThiefQuest continue to improve their creation and researchers noticed that the latest versions of the threat no longer include ransomware functionality. Security experts noticed that the ransomware functionality was incomplete and the main goal of the malware was likely not to help threat actors make a profit from the ransom paid by victims.
Blackbaud, a cloud software provider specializing in fundraising suites for charities and educational institutions, quietly paid off a ransomware attacker - and then got around to telling customers about it a full two months later. "After discovering the attack, our Cyber Security team - together with independent forensics experts and law enforcement - successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system," said Blackbaud.
A total of seven ransomware families have been found to target processes associated with operational technology software, and FireEye this week published an analysis of these pieces of malware. Many ransomware families are designed to kill certain types of running processes.
A report released Wednesday by security provider Positive Technologies discusses the trends of ransomware attacks during the first quarter of 2020. For its "Cybersecurity Threatscape Report for Q1 2020," Positive Technologies found that more than a third of malware-based cyberattacks during the quarter were ransomware attacks.
Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J Serna says the company is aware of a "threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network, exfiltration of data, and attempts to escalate privileges to launch a ransomware attack."
Every time ransomware moves out of the news cycle, someone will ask whether cybercriminals have moved on to other, perhaps more lucrative, activities. In contrast to Ransomware 1.0, big-game ransomware attacks are well planned, targeted and have a greater chance of earning the perpetrators money.
Hackers infiltrated Collabera, siphoned off at least some employees' personal information, and infected the US-based IT consultancy giant's systems with ransomware. Collabera identified malware in its network system consistent with a ransomware attack.
A new ransomware family packs multiple unique features, including ones that improve performance and give its operators the option to target only networked SMB shares, VMware-owned Carbon Black reveals. Dubbed Conti, the malware improves performance through the use of "up to 32 simultaneous encryption efforts," and is likely directly controlled by its operators, which means that it can target network-based resources and skip local files, similar to what the Sodinokibi ransomware can do.
G Data security researchers have identified a new ransomware family that attempts to spread using infected USB drives. Dubbed Try2Cry, the new piece of ransomware borrows functionality from Spora, which first emerged three years ago.
There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's a good reminder to get your software from trustworthy sources, like developers whose code is "signed" by Apple to prove its legitimacy, or from Apple's App Store itself.