Security News
The encryption technology Microsoft uses to protect Windows file systems can be exploited by ransomware. So says the research team at Safebreach Labs, which has demonstrated how file-scrambling software nasties can not only tap into the Windows Encrypting File System but also avoid anti-malware tools.
Could ransomware shakedowns against healthcare entities be taking an even uglier turn? In a recent attack on a Florida-based plastic surgery practice, hackers exfiltrated patients' medical records and then demanded a ransom be paid by the clinic and some of its patients to avoid further exposure of the data. "The attackers demanded a ransom negotiation, and as of Nov. 29, 2019, about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met."
A ransomware with the un-snappy moniker of "5ss5c" has emerged on the scene and appears to be in active development. According to independent researcher Bart Blaze, the malware is the successor to the Satan ransomware, and its authors are still experimenting with focused targeting and features.
This week we look at VPN vulnerabilities [11:13], dig into the Snake ransomware [23:11], and decide whether our phones are spying on us [32:09]. Mark also revisits his growing list of pet peeves and Anna tests whether getting deep fake feet to your phone via SMS is real.
As if ransomware wasn't already bad enough, more ransomware gangs are now exfiltrating data from victims before leaving systems crypto-locked. In the past, many ransomware gangs claimed to have exfiltrated data from victims and threatened to leak it unless their demands were met.
The threat actor or group behind the Satan ransomware - and probably DBGer and Lucky and possibly Iron - seems to be engaged in a new version or evolution of Satan: 5ss5c. There are several clues within 5ss5c linking the ransomware to Satan.
Officials at the Albany International Airport paid a ransom to cybercriminals after the facility's systems were hit with the Sodinokibi ransomware strain on Christmas, the Albany Times Union reports. At no point did the ransomware attack affect the airport's day-to-day operations, airport officials said.
The original filename and directory are recorded, the decryption key is stored too, and the special tag EKANS, which is SNAKE written backwards, finishes off the encrypted file. The key used for locking data is called the public key, because you can reveal it to anyone; the unlocking key is called the private key, because as long as you keep it private, you're the only one who can later unlock the encrypted data.
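The item above notes that Snake (EKANS) finishes each encrypted file with the tag EKANS. A responder triaging a suspected infection can use that trailer as a quick file-level indicator. The following is an added example, not code from the original article or from any vendor: it reads only the last bytes of each file, walks a directory tree, and returns the paths that carry the marker. The sample files are constructed inline so the script runs offline; the file names and contents are invented for the demo.

```python
"""Defender-side triage: find files ending with the EKANS trailer.

Added example, not from the original page. The only fact taken from the
article is the trailing tag itself; everything else is an assumption
made for the demonstration.
"""
import os
import tempfile

# Marker the article says Snake appends to every encrypted file.
EKANS_TAG = b"EKANS"


def has_ekans_trailer(data: bytes) -> bool:
    """True if the byte string ends with the EKANS tag."""
    return data.endswith(EKANS_TAG)


def file_has_ekans_trailer(path: str) -> bool:
    """Check a file on disk by reading only its last len(EKANS_TAG) bytes."""
    tag_len = len(EKANS_TAG)
    with open(path, "rb") as fh:
        fh.seek(0, os.SEEK_END)
        size = fh.tell()
        if size < tag_len:
            return False
        fh.seek(size - tag_len)
        return fh.read(tag_len) == EKANS_TAG


def find_tagged_files(root: str) -> list:
    """Walk a directory tree and return sorted paths that carry the trailer."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if file_has_ekans_trailer(path):
                    hits.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
    return sorted(hits)


def demo() -> int:
    """Build a constructed sample tree (two tagged files, one clean) and
    return the number of tagged files found."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample data, not real ransomware output
            "report.docx": b"PK\x03\x04 constructed plain document",
            "budget.xlsx": b"\x8a\x1f\x00 constructed ciphertext" + EKANS_TAG,
            "sub/photo.jpg": b"\xff\xd8 constructed ciphertext" + EKANS_TAG,
        }
        for rel, content in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        hits = find_tagged_files(root)
        for hit in hits:
            print("tagged:", os.path.relpath(hit, root))
        return len(hits)


if __name__ == "__main__":
    demo()
```

The trailer check is a triage heuristic, not proof of infection: a legitimate file that happens to end in those five bytes will match, and a variant that changes or drops the tag will not. Use it to scope which hosts and shares need a closer look, then confirm with the other artefacts the article describes (the recorded original filename and directory, and the stored key material).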
Attackers exploiting critical Citrix ADC, Gateway flaw, company yet to release fixes
Nearly a month has passed since Citrix released mitigation measures for CVE-2019-19781, a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway, which could lead to remote code execution.
PCs still running Windows 7 will soon be significantly more at risk of ransomware
PCs still running when Windows 7 reaches end of life on the 14th of January will be significantly more at risk of ransomware, Veritas Technologies has warned.
An upstate New York airport and its computer management provider were attacked by ransomware over Christmas, officials said. Officials at the Albany County Airport Authority announced Thursday that the attack came to light after Schenectady-based LogicalNet reported its own management services network had been breached.