Security News

Ransomware might be a dreadful enterprise, but nobody could accuse the criminals behind these attacks of being weak on customer service. Now you can see why ransomware attacks almost always send back encryption keys when paid - any doubt in the mind of victims would quickly destroy the whole extortion racket as companies knuckled down to do the hard work themselves.

SophosLabs just published an informative report entitled Maze ransomware: extorting victims for 1 year and counting. Sadly, Maze has been in the news quite frequently in recent months, notably because the gang who created it have been in the vanguard of a new wave of "Double-whammy" ransomware attacks.

ATM maker Diebold Nixdorf confirmed on Monday that it was recently hit by a piece of ransomware, but the company said the incident caused only "a limited IT systems outage." Diebold Nixdorf told SecurityWeek that the incident did not affect ATMs, customer networks, or the general public, and "Its impact was not material to our business."

Diebold Nixdorf, a major provider of automatic teller machines and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Suspecting a ransomware attack, Diebold said it immediately began disconnecting systems on that network to contain the spread of the malware.

Rather than simply knocking the law firm out of action temporarily, the ransomware crooks are said to have stolen personal data from a laundry list of celebrity clients, too - allegedly more than 750GB in total including contracts, contact information and "Personal correspondence". In other words, the financial extortion is no longer just a "Kidnap ransom" to get your files back, but also a blackmail demand to stop the crooks leaking your data - or, worse still, your customers' data - to the world.

The rampant rise of ransomware persists, with 100% of respondents - who include ITOps, backup, disaster recovery and storage admins, application and workload owners in the U.S. - reporting that their company experienced a ransomware attack in the last 12 months, Datrium reveals. With the evermore heightened threat of ransomware during the COVID-19 pandemic, companies are prioritizing disaster recovery and the cloud is playing a greater role as a disaster recovery site.

The bad news is that whoever wrote this malware decided to be doubly destructive: it scrambles the files on your C: drive using a secret decryption key, but it wipes out the files on all your other drives, looping through all the letters A: to Z: except C:, issuing commands to delete all the files and directories it can find. The good news is that the programmer of Ransom-FXO didn't take much care over the encryption part, and used a hardcoded cryptographic key that can fairly easily be extracted from the malware file.

While you may be tired of hearing about the trend and just getting used to the reality, you may also like to remember: instances of attacks are climbing - quickly - and we're now reaching a level where more than half of ransomware schemes result in a business paying out. As with any commercialized form of criminality, the attacks are becoming more sophisticated.

In this episode, Duck discusses the iPhone "Word of death", Peter shares a shocking ransomware story and I talk about a chatbot that shows empathy. Host Anna Brading is joined by Naked Security regular Paul Ducklin, threat response expert Peter Mackenzie and me.

Australian transportation and logistics giant Toll Group has been hit by a ransomware attack - for the second time in three months. It's the second ransomware attack for Toll Group this year: The company said on Feb. 3 that it was hit by ransomware, leaving customers reporting an impact on operations across Australia, India and the Philippines.