Security News
The NHS has suffered 209 successful ransomware attacks since 2014, according to new figures based on Freedom of Information requests, but with a dramatic improvement since 2017, the year WannaCry ransomware hit the health service. The WannaCry attack in 2017 - famously thwarted by Brit white hat hacker Marcus Hutchins - caused a spike to 101 incidents and we know many of these were severe.
Its home state, Maryland, also knows how to swiftly propose mind-bogglingly bad legislation that would outlaw possession of ransomware and put researchers in jeopardy of prosecution. It's not supposed to keep researchers from responsibly researching or disclosing vulnerabilities, but like other, similar "Let's make malware more illegal" bills before it, SB 30's attempts to protect researchers could "use a little more work," as pointed out by Ars Technica's Sean Gallagher.
According to SentinelLabs, which has seen attacks involving Snake for the past month, files encrypted by this ransomware are difficult or impossible to recover without paying the ransom demanded by the attackers. Snake targets a wide range of files, but avoids encrypting system files and folders.
New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. The bill, S.B. S7246, proposes a blanket policy in New York State that's aimed at removing the incentive for ransomware operators to keep targeting its agencies, towns and cities.
New York state senators have proposed two bills that would require government agencies to tell ransomware attackers to get lost. We've seen mayors in US cities resolve to eschew paying ransom to get their systems back from attackers, but New York is the first state to make a move in that direction - and to back it up with actual legislation.
Ransomware costs more than doubled in the fourth quarter of 2019, with the average ransom payment skyrocketing to $84,116, a 104 percent surge up from $41,198 in the third quarter. "In Q4, ransomware actors also began exfiltrating data from victims and threatening its release if the ransom was not paid. In addition to remediation and containment costs, this new complication brings forth the potential costs of 3rd party claims as a result of the data breach," said researchers with Coveware in an analysis published this week, which aggregated anonymized ransomware cases handled by Coveware's incident response team.
FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week. When examining these new ransomware samples, analysts found that FTCODE had recently been updated to steal credentials and passwords from popular browsers, including Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, according to an analysis by Zscaler ThreatLabZ researchers Rajdeepsinh Dodia, Amandeep Kumar and Atinderpal Singh.
Maryland lawmakers are considering a bill that would make possession of ransomware a crime punishable by up to 10 years in prison and a $10,000 fine. Maryland would reportedly be the third state to criminalize possession of ransomware.
A potential ransomware process using EFS was discovered by researchers at SafeBreach. This approach relies entirely on Windows features - and can consequently be defined as a form of 'living off the land' - although the primary difference from traditional ransomware is that this process uses different Windows features that are less likely to be monitored.
New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook. FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims.