Security News
In many cases, it has been determined that threat actors were inside a healthcare organization's network for months or even years before setting their malicious code loose. They're low on the priority list until someone clicks on a malicious link that the spam filter didn't catch, thus unleashing ransomware on the network, after which all hell breaks loose.
The latest scheme includes a malicious Android tracker app that supposedly allows users to keep an eye on the spread of the virus, but locks victims' phones and demands money to unlock them. The DomainTools security research team is warning about a malicious domain it discovered distributing a fake Coronavirus outbreak tracker app, which purportedly provides users with tracking and statistical information about Covid-19 and heatmap visuals.
As the world tackles the COVID-19 coronavirus pandemic, ransomware creeps have knocked offline a public health agency's website that served nearly a quarter of a million people in the US. The Champaign Urbana Public Health District in Illinois, covering 210,000 folks, including the state's biggest university, said today it has had to set up an alternate website as it deals with a ransomware infection that took down its primary site. A spokesperson for the district also confirmed an earlier report from Mother Jones that the outage, which began Tuesday morning, was caused by a ransomware infection rather than a crush of traffic.
Researchers have discovered a new strain of ransomware, dubbed "PXJ," which emerged in the wild in early 2020. While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families, researchers said.
In an interview at RSA 2020, Greg Young, the vice president of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances...
Cybercriminals are likely to leverage the global anxiety around the coronavirus outbreak to execute ransomware attacks against businesses, according to RiskIQ. RiskIQ's extensive analysis of past ransomware attacks during global epidemics and of current phishing campaigns leveraging the coronavirus indicates that threat actors will eventually begin using ransomware against victims they infect with the AZORult and Emotet varieties of malware. Clicking on malicious links is necessary to execute the attacker's malware, which opens the door for ransomware infection.
A new variant of the Paradise ransomware attacks rarely-targeted Microsoft Office Excel IQY files, providing a new and relatively unobtrusive way to infiltrate and hijack an organization's network, researchers have found. Paradise ransomware has been active since 2017, though it's not as well-known as other ransomware campaigns.
The City of Durham and the Durham County government in North Carolina are in the process of recovery after experiencing what appears to be a ransomware attack on March 6. In a notice published on its website on Sunday, the City of Durham revealed that it was alerted to the incident late on Friday, and that it immediately responded and shut down some systems in an attempt to contain the attack.
Targeted ransomware attacks continue to increase as gangs seek to obtain bigger ransom payoffs from larger targets, security experts warn. Some underground actors provide purpose-built tools that have been widely adopted by ransomware gangs.
Employing techniques usually associated with nation-state threat actors, human-operated ransomware attacks represent a growing threat to businesses, Microsoft warned last week. REvil, Samas, Bitpaymer, and Ryuk are some of the most infamous human-operated ransomware campaigns, but other prolific threat actors have emerged recently, demonstrating a need for comprehensive defenses that can stop the attacks in their infancy, Microsoft says.