Security News
39% of organizations either have no ransomware emergency plan in place or are not aware if one exists. This is despite more ransomware attacks being recorded in the past 12 months than ever before, Ontrack reveals.
Security bods are sounding the alarm following the discovery of a rare brand-new strain of Mac ransomware. The team at infosec outfit Malwarebytes told The Register on Tuesday the malware is the first new piece of macOS ransomware it has detected in the past four years.
Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant - dubbed "EvilQuest" - is packaged along with legitimate apps and, upon installation, disguises itself as Apple's CrashReporter or Google Software Update.
A rare new ransomware strain targeting macOS users, called EvilQuest, has been discovered. While Devadoss found the ransomware purporting to be a Google Software Update package, Wardle inspected a ransomware sample that was being distributed via a pirated version of "Mixed In Key 8," which is software that helps DJs mix their songs.
According to a BBC report, the NetWalker ransomware is behind the attack. After detecting the attack, UCSF isolated the affected IT system in the medical school's environment so that the core UCSF network was not affected.
The REvil ransomware gang has added an auction feature to its underground website that allows anonymous bidding on information stolen in its targeted ransomware campaigns. As for why the latter's data is so valuable, "Data stolen from the intellectual property law firm reportedly includes information related to new technologies and unfiled patents that, given the high-profile client list, likely explains the high starting and blitz prices," the firm noted in a report Monday, adding that the data would possibly be of interest to competitors or even a nation-state seeking to gain economic advantages.
A California university which is dedicated solely to public health research has paid a $1.14m ransom to a criminal gang in the hopes of regaining access to its data. The University of California San Francisco paid out in the apparently successful hope that the Netwalker group would send it a decryption utility for its illicitly encrypted files, which it referred to as "Data ... important to some of the academic work we pursue as a university serving the public good".
Late last week, the University of California San Francisco revealed that it paid roughly $1.14 million to cybercriminals to recover data encrypted during a ransomware attack earlier this month. "While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible," UCSF says.
At least 31 organizations in the United States have been targeted with the recently detailed WastedLocker ransomware, Symantec reports. Last week, NCC Group security researchers revealed that the WastedLocker ransomware is being deployed against carefully selected targets and that the SocGholish fake update framework and a custom Cobalt Strike loader are used for malware dissemination.
Maze ransomware masterminds claim to have stolen source code from LG after hacking into the electronics giant. "Soon you'll be able to know how the LG company lost the source code of its products for one very big telecommunications company, working worldwide," the crooks warned in an announcement on their site this week.