Security News
The US is protected by what's known as a nuclear triad: a three-pronged attack force that consists of land-launched nuclear missiles, nuclear missiles on submarines, and aircraft equipped with nuclear bombs and missiles. One of the triad's legs - the land-based LGM-30 Minuteman intercontinental ballistic missile - has been kicked by hackers who've inflicted Maze ransomware on the computer network of a Northrop Grumman contractor.
The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. Prior to this auction, REvil - like many other ransomware gangs - had sought to pressure victim companies into paying up mainly by publishing a handful of sensitive files stolen from their extortion targets, and threatening to release more data unless and until the ransom demand was met.
A Brit public sector-owned office supplies company shrugged off a ransomware demand for 102 Bitcoins after a staffer opened a phishing email. A local blogger, publishing the Vox Medway site, claimed the attack froze all CSG services at 01:30 UK time on 2 April.
A ransomware incident analyzed by IBM X-Force shows that the attacker would not have been able to decrypt the data even if the ransom had been paid.
The REvil/Sodinokibi ransomware gang has just published what it claimed were files stolen from UK power grid middleman Elexon. The stolen data was published on REvil's Tor webpage as a cache of 1,280 files, which we understand include documents that appeared to be passports of Elexon staff members and an apparent business insurance application form.
If you're a Naked Security Podcast listener, you'll have heard Sophos's own Peter Mackenzie telling some fairly wild ransomware stories. Last week, for example, we wrote about an attack by the Ragnar Locker crew in which they wrapped a 49KB ransomware executable - a file created specifically for one victim, with the ransom note hard-coded into the program itself - inside a Windows virtual machine that served as a sort of run-time cocoon for the malware.
A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. As for the infection routine, "The PonyFinal ransomware is delivered through an MSI file that contains two batch files and the ransomware payload," researchers explained.
A fresh ransomware strain known as "[F]Unicorn" has emerged, first seen this week targeting users by pretending to be an official government COVID-19 contact tracing app. According to an advisory from the Computer Emergency Response Team from the Agency for Digital Italy, the malware family is taking advantage of the rollout of "Immuni" - Italy's official coronavirus-tracking app.
CBS News and CNET Senior Producer Dan Patterson talked with Bryson Bort, founder and CEO of SCYTHE, a cybersecurity company that provides attack simulation, about privacy regulations, cities being attacked by ransomware, and whether cyber-deterrence works well. Dan Patterson: Presumably, somebody will win this election, and presumably we will have many people who are going to make determinations about regulation over the next, say, 18 to 36 months.