Security News
Ransomware operators of DoppelPaymer and Maze malware stated that they will not target medical organisations during the current pandemic. Laurence Abrams, who runs the security news site Bleeping Computer, reports that he made contact with "The operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak."
Late last week, researchers at network intelligence company DomainTools warned about an Android malware sample that caught our attention. Like many other cyberthreats doing the rounds these days, the criminals have used the coronavirus pandemic as a lure, offering an intriguing if rather creepy app called COVID 19 TRACKER. The website promoting the app offers to "Track Real-Time Coronavirus Outbreak in your Street, City and State", and says it will "Get Real-Time Statistics about Coronavirus outbreaks around you in over 100 countries."
Ransomware attacks are still happening, and more employees need to be trained on how to prevent them. TechRepublic's Karen Roby spoke with Rahul Kashyap, president and CEO of Awake Security, about the prevalence of ransomware and how to prevent it.
Most ransomware is deployed after hours, and usually several days after the initial compromise, newly published research from FireEye reveals. While performing an analysis of dozens of incidents between 2017 and 2019, FireEye discovered common characteristics related to infection vectors, dwell time, and time of day of ransomware deployment, while also identifying innovations that operators adopted to maximize profits.
The app promises access to a coronavirus map tracker but instead holds your contacts and other data for ransom, DomainTools found. A new type of ransomware known as CovidLock encrypts key data on an Android device and denies access to the victims unless they pay up, according to the threat intelligence firm DomainTools.
In most cases of human-operated ransomware attacks against enterprises, the hackers don't trigger the malware immediately: according to FireEye researchers, in most cases at least three days passed between the first evidence of malicious activity and ransomware deployment. What are the attackers waiting for? One of the reasons for the delay is the wish to spread the ransomware to many systems before running it.
In many cases, it has been determined that threat actors were inside a healthcare organization's network for months or even years before setting their malicious code loose. They're low on the priority list until someone clicks on a malicious link that the spam filter didn't catch, thus unleashing ransomware on the network, after which all hell breaks loose.
The latest scheme includes a malicious Android tracker app that supposedly allows users to keep an eye on the spread of the virus, but locks victims' phones and demands money to unlock them. The DomainTools security research team is warning that it has discovered a malicious domain distributing a fake Coronavirus outbreak tracker app, which will purportedly provide users tracking and statistical information about Covid-19 and heatmap visuals.
As the world tackles the COVID-19 coronavirus pandemic, ransomware creeps have knocked offline a public health agency's website that served nearly a quarter of a million people in the US. The Champaign Urbana Public Health District in Illinois, covering 210,000 folks, including the state's biggest university, said today it has had to set up an alternate website as it deals with a ransomware infection that took down its primary site. A spokesperson for the district also confirmed an earlier report from Mother Jones that the outage, which began Tuesday morning, was caused by a ransomware infection rather than a crush of traffic.