Security News

EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities
2020-06-30 21:27

A rare new ransomware strain targeting macOS users, called EvilQuest, has been discovered. While Devadoss found the ransomware purporting to be a Google Software Update package, Wardle inspected a ransomware sample that was being distributed via a pirated version of "Mixed In Key 8," which is software that helps DJs mix their songs.

UCSF Pays $1.14M After NetWalker Ransomware Attack
2020-06-30 16:12

According to a BBC report, the NetWalker ransomware is behind the attack. After detecting the attack, UCSF isolated the affected IT system in the medical school's environment so that the core UCSF network was not affected.

REvil Ransomware Gang Adds Auction Feature for Stolen Data
2020-06-29 21:03

The REvil ransomware gang has added an auction feature to its underground website that allows anonymous bidding on information stolen in its targeted ransomware campaigns. As for why the latter's data is so valuable, "Data stolen from the intellectual property law firm reportedly includes information related to new technologies and unfiled patents that, given the high-profile client list, likely explains the high starting and blitz prices," the firm noted in a report Monday, adding that the data would possibly be of interest to competitors or even a nation-state seeking to gain economic advantages.

University of California San Francisco pays ransomware gang $1.14m as BBC publishes 'dark web negotiations'
2020-06-29 16:29

A California university which is dedicated solely to public health research has paid a $1.14m ransom to a criminal gang in the hopes of regaining access to its data. The University of California San Francisco paid out in the apparently successful hope that the NetWalker group would send it a decryption utility for its illicitly encrypted files, which it referred to as "Data ... important to some of the academic work we pursue as a university serving the public good".

UCSF Pays Cybercriminals $1.14 Million to Recover Files After Ransomware Attack
2020-06-29 14:41

Late last week, the University of California San Francisco revealed that it paid roughly $1.14 million to cybercriminals to recover data encrypted during a ransomware attack earlier this month. "While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible," UCSF says.

Tens of U.S. Businesses Targeted With WastedLocker Ransomware
2020-06-29 12:34

At least 31 organizations in the United States have been targeted with the recently detailed WastedLocker ransomware, Symantec reports. Last week, NCC Group security researchers revealed that the WastedLocker ransomware is being deployed against carefully selected targets and that the SocGholish fake update framework and a custom Cobalt Strike loader are used for malware dissemination.

Let's roll the 3d6 dice on today's security drama: Ah, 15, that's LG allegedly hacked, source code stolen by Maze ransomware gang
2020-06-26 21:00

Maze ransomware masterminds claim to have stolen source code from LG after hacking into the electronics giant. "Soon you'll be able to know how the LG company lost the source code of its products for one very big telecommunications company, working worldwide," the crooks warned in an announcement on their site this week.

Ransomware Operators Claim They Hacked LG
2020-06-25 15:38

The cybercriminals behind the ransomware known as Maze claim to have breached the systems of LG Electronics and obtained highly sensitive information. The operators of the Maze ransomware are known for targeting major organizations and not only encrypting their files, but also stealing files and threatening to make them public unless a ransom is paid.

Emerging Ransomware Targets Photos, Videos on Android Devices
2020-06-24 21:21

A new strain of ransomware has arisen in Canada, targeting Android users and locking up personal photos and videos. Like other ransomware families, it encrypts targeted files.

Ransomware crims to sell off 'scandalous' files swiped from Mariah Carey, Nicki Minaj, Puff Daddy's legal eagles
2020-06-24 21:18

Ransomware criminals claiming to have siphoned confidential docs on Nicki Minaj, Mariah Carey, and LeBron James from an American law firm are threatening to auction off the info. The REvil ransomware gang declared it will sell off troves of the paperwork, which it said it exfiltrated from the computer systems of American showbiz lawyer Allen Grubman.