Security News
Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data that's not vital for the functioning of the operating system.
Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. Redmond said in a report published over the weekend that it observed a pattern of targeted attacks on infrastructure in Ukraine by the Russian military intelligence threat group Sandworm in association with missile strikes.
A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "The activity of CryWiper once again shows that the payment of the ransom does not guarantee the recovery of files," the researchers said, stating the malware "Deliberately destroys the contents of files."
A previously undocumented data wiper named CryWiper is masquerading as ransomware, but in reality, destroys data beyond recovery in attacks against Russian mayor's offices and courts. "In the fall of 2022, our solutions detected attempts by a previously unknown Trojan, which we named CryWiper, to attack an organization's network in the Russian Federation," explains the new report by Kaspersky.
A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery. CryWiper was first discovered by Kaspersky this fall, seen in attacks against organizations in the Russian Federation.
New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm. "There are similarities with previous attacks conducted by Sandworm: a PowerShell script used to distribute the.NET ransomware from the domain controller is almost identical to the one seen last April during the Industroyer2 attacks against the energy sector."
The website of the European Parliament has been taken down following a DDoS attack claimed by a pro-Russia group of hacktivists calling themselves Anonymous Russia. The Director General for Communication and Spokesperson of the European Parliament, Jaume Dauch, also stated after the website went down that the outage was caused by an ongoing DDoS attack.
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.
At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022. "The influx of a huge number of workers into the popular scam Classiscam, at its peak, comprised over a thousand criminal groups and hundreds of thousands of fake websites has led to criminals competing for resources and looking for new ways to make profits," comments Group-IB. "The popularity of schemes involving stealers can be explained by the low entry barrier. Beginners do not need to have advanced technical knowledge as the process is fully automated, and the worker's only task is to create a file with a stealer in the Telegram bot and drive traffic to it." - Group-IB. Currently, there are 34 active cybercrime groups on Telegram that operate as mass-scale information-stealing gangs, each with roughly 200 members.
Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The defendants' move to press sanctions against Google was denied.