PC PORTAL

Experienced. Trusted. Solutions.

ransomware

By

Cyber News Rundown: WasteLocker Ransomware

Reading Time: ~ 2 min.

Garmin Hit with WastedLocker Ransomware

Nearly a week after the company announced they had suffered a system outage, Garmin has finally admitted to falling victim to a ransomware attack, likely from the increasingly popular WastedLocker variant. As is the norm for WastedLocker, the attack was very specific in its targeting of the company (even mentioning Garmin by name in the ransom note) and took many of their services offline. Though Garmin has confirmed that no customer data was affected, they are still unsure when their services will return to full functionality.

Israeli Marketing Firm Suffers Data Breach

More than 14 million user accounts held by the Israeli marketing firm Promo were compromised in a recent breach. Subsequently, at least 1.4 million decrypted user passwords were found for sale on a Dark Web forum, along with 22 million records containing highly sensitive information. The company has since contacted affected customers and is pushing a forced password reset.

Netwalker Ransomware Targets U.S. Government Organizations

The FBI has released a security statement concerning Netwalker ransomware attacks, which have targeted both U.S. and foreign government agencies in recent months. Netwalker is known for exploiting remote desktop utilities to compromise major enterprise networks. It also offers ransomware-as-a-service to other cybercriminals. The best methods for blocking these types of attacks is setting up two-factor authentication (2FA) and creating offline data backups to protect in case of a successful breach.

Lazarus Hacking Group Branches Out to Ransomware

The North Korean state-sponsored hacking group Lazarus has added ransomware to their latest attacks. Unfortunately for the group, the ransomware variant they’ve chosen is inefficient at encrypting data, sometimes taking up to 10 hours to fully encrypt a single system. These attacks are similar to those targeting Sony Pictures in 2014 and those that affected the 2018 Winter Olympic games, both of which are suspected to have been conducted by state-backed actors.

Nefilim Ransomware Begins Publishing Dussman Groups Data

At least 14GB of data belonging to a subsidiary of Dussmann Group, a major German MSP, is being leaked by the operators of the Nefilim ransomware variant. The operators have confirmed they were able to obtain roughly 200GB of data from the subsidiary after discovering a still-unknown method for compromising the network. Customers affected by the leak have already been notified.

The post Cyber News Rundown: WasteLocker Ransomware appeared first on Webroot Blog.

By

Cyber News Rundown: ATM Jackpotting Attacks Rise

Reading Time: ~ 2 min.

ATM Jackpotting Attacks on the Rise

ATM manufacturer Diebold Nixdorf has identified a malicious campaign that uses proprietary software to “jackpot” the machines. The attack requires malicious actors to breach the ATM manually and then use the software to force the machine to dispense cash at a rapid rate, known within the industry as jackpotting. While these attacks don’t seem to affect customer data or finances, the company is unsure how the attackers obtained the proprietary software used in the scam.

Ransomware Locks Down Telecom Argentina

Telecom Argentina is being extorted for over $7.5 million following a ransomware attack last week. The hacker group REvil is believed to be behind the attack, which may mean the stolen data is set to be posted on the group’s auction site. Officials are still unsure of how the intrusion occurred, but it’s likely to have stemmed from a compromised remote access point.

Maryland Health Services Breach Affects Thousands

More than 40,000 individuals may have had personal information leaked after a ransomware attack on Lorien Health Services in Maryland. The breach was discovered in June, but after the healthcare provider refused to pay the ransom the hackers began publishing the stolen data, which includes Social Security Numbers and other highly sensitive information. Lorien was quick to notify affected clients and had begun offering credit monitoring services to those affected within two days of the attack being confirmed.

University of York Data Breach

The University of York in the UK has learned of a data breach that occurred in May and could affect a considerable number of students and staff. The breach itself was enabled by a third-party service provider and contained personally identifiable information on an unknown number of victims. While there is little the university can do to contain this type of attack, it comes as another reminder of the importance of supply chain data security and the knock-on effect of such attacks.

Meow Attacks Target Vulnerable Databases

Dozens of unsecured databases from Elasticsearch and MongoDB were wiped in a new malicious campaign that seems to attack indiscriminately. Discovered within the last week, the Meow attacks as they’re known appear to use an automated script to overwrite any data in vulnerable databases and destroy any remaining data. This string of attacks may encourage stronger security policies among previously lax database administrators, but the lesson is costly for affected businesses.

The post Cyber News Rundown: ATM Jackpotting Attacks Rise appeared first on Webroot Blog.

By

Cyber News Rundown: Ragnar Locker

Reading Time: ~ 2 min.

Ragnar locker Attacks Portuguese Energy Producer

It was recently confirmed that Energias de Portugal (EDP), one of the largest energy producers in the world, has fallen victim to the Ragnar Locker ransomware variant. The original attack took place in April but was only discovered in May after nearly three weeks of being active on their systems. After contacting affected customers, the company also revealed it was subject to a Bitcoin ransom of roughly $10 million to ensure the stolen data wasn’t publicly released.

Xchanging MSP Falls Victim to Ransomware

An MSP known as Xchanging, which primarily serves the insurance industry, was hit with a ransomware attack over the weekend that forced it to take many of its systems offline. Though the attack was largely confined to Xchanging’s systems and only affected a small number of customers, it is still unclear how long the infection was active before discovery. In a statement, the company says it’s working to restore access to customer operating environments as quickly as possible.

Fitness Firm Exposes Customer Info

Nearly 1.3 million customer files and photos were compromised after the fitness firm V Shred was breached, potentially affecting up to 100,000 clients. The data was stored on an improperly configured Amazon S3 bucket that was discovered as a part of a larger mapping project that had already located several similar leaks. While V Shred confirmed much of the data was publicly available, it originally denied that the dataset itself contained full names, addresses, and other highly sensitive personal information that could be used maliciously.

Magecart Group Surpasses 570 Victim Sites

In the three years since Magecart Group 8’s initial foray onto the card-skimming scene, it has successfully compromised over 570 e-commerce sites around the world. More than 25 percent of the attacks targeted US domains and stemmed from 64 unique attack domains that were able to distribute injected JavaScript software with relative ease. Many were nearly identical to legitimate domains. It’s believed the group has netted over $7 million from selling stolen payment card information since April 2017.

Clubillion Casino App Leak Could Affect Millions

A database containing personally identifiable information on millions of users of the casino app Clubillion was compromised in late March. The breach was discovered and secured within five days, though heavy traffic to the site may have enabled the compromise of hundreds of thousands more individuals in that time. These types of apps are common targets of cyberattacks because they hold such large quantities of sensitive data that can be used for further attacks by leveraging the stolen data.

The post Cyber News Rundown: Ragnar Locker appeared first on Webroot Blog.

By

Cyber News Rundown: Knoxville Rocked by Ransomware

Reading Time: ~ 2 min.

Ransomware Knocks Out Knoxville, TN

Knoxville, Tennessee officials have been working over the past week to secure systems and determine if any sensitive information was stolen after a ransomware attack was identified. Fortunately, city IT staff were able to quickly implement security protocols and shut down critical systems before the infection could spread. Within the day, many of the targeted city domains were redirected to new sites, allowing city services to operate normally.

Magecart Attacks Multiple Online Retailers

Malicious Magecart scripts have been identified in recent months on multiple domains belonging to online retailers. Following the registration of a fake domain related to Claire’s in March, several weeks of inactivity passed before code was again spotted on Claire’s websites being used to intercept payment card transactions. It was finally removed from the company’s domains in the second week of June, but not before leaving thousands of customers potentially compromised.

Maze Ransomware Infiltrates US Chipmaker

The computer systems of MaxLinear, a U.S. computer chip maker suffered a Maze ransomware attack that forced them to take their remaining systems offline. Officials discovered that for more than a month there was unauthorized access resulting in the leak of over 10GB of stolen data from an alleged trove of over 1TB of total data. MaxLinear has since refused to pay the ransom and been in contact with affected customers. The manufacturer does not believe future operations will be delayed.

Over 100 NHS Email Accounts Compromised

Within the last two weeks a phishing campaign hit the National Health Service (NHS), successfully accessing over 100 internal email accounts. The affected accounts make up an extremely small portion of total NHS email accounts, of which there are nearly 1.4 million in total. The hacked accounts were used to distribute a malicious spam campaign designed to steal credentials through a fake login page.

DraftKings Announces Ransomware Attack Amidst Merger

Following the multi-way merger that resulted in the formation of DraftKings Inc., DraftKings revealed that one of the subsidiaries, SBTech, suffered a ransomware attack within weeks of the merger being finalized. While it is still not known what variant of ransomware was used in the cyberattack, officials have determined that no information was compromised. Rather, the attack was focused on taking their online systems down. Though SBTech was required to create a significant emergency fund preceding the merger, the deal seems to have been unaffected by the attack.

The post Cyber News Rundown: Knoxville Rocked by Ransomware appeared first on Webroot Blog.

By

Cyber News Rundown: Nintendo Accounts Breached

Reading Time: ~ 2 min.

Nintendo Accounts Breached

Stemming from a cyber-attack back in April, Nintendo has just announced that roughly 300,000 user accounts have been compromised, though most belong to systems that are now inoperable. From the excessive unauthorized purchases, the attackers likely used credential-stuffing methods to access accounts and make digital purchases through PayPal accounts that were already logged in. Nintendo has since contacted the affected customers and has begun pushing out mandatory password resets.

Kingminer Botnet Locks Down Entry Points Behind Them

After nearly two years of operation, the owners of the Kingminer crypto jacking botnet have taken up a new tactic of patching the very vulnerabilities they used to illicitly access systems. This implementation is likely being used to block any other malicious campaigns from accessing the compromised systems and net them larger profits. By using the EternalBlue exploit and patching it behind themselves, they can brute force their way into any vulnerable system and then keeping their own crypto mining scripts active for an increased amount of time before being discovered.

Honda Shuts Plants After Ransomware Attack

Several Honda plants around the world have recently closed due to a ransomware attack that has targeted several manufacturing systems. The shutdown came only hours after a new Snake ransomware sample was uploaded to Virus Total and was seen attempting to contact an internal site belonging to Honda. Currently, officials for Honda are still working to determine exactly what parts of their systems were affected and if any personally identifiable information was compromised.

Scammers Created Fake SpaceX YouTube Channels to Steal Cryptocurrency

Multiple malicious YouTube accounts have changed their names to keywords relating to SpaceX in order to scam viewers out of Bitcoin cryptocurrency donations. While it should be obvious that these channels are not the legitimate SpaceX account based solely on the number of subscribers, the fake channels have also been livestreaming old recorded SpaceX interviews with Elon Musk, to improve their legitimacy. Unfortunately, during the livestreams, the channels promote cryptocurrency scams in the chat section to entice other viewers to send in a small amount of cryptocurrency with the promise of a significant amount more being sent back.

Florence, Alabama Pays Ransom Demand

In the last week, officials for Florence, Alabama have been working to negotiate with the authors of the DoppelPaymer ransomware attack that took down the city’s email systems. Though the initial ransom amount was 38 Bitcoins, or the equivalent of $378,000, the security team that was brought in was able to drop the demand to 30 Bitcoins, or $291,000, which the city has decided to pay. It is still unclear exactly what information may have been stolen or accessed, the Mayor of Florence concluded that it was best to just pay the ransom and hope their information is returned and their systems are decrypted.

The post Cyber News Rundown: Nintendo Accounts Breached appeared first on Webroot Blog.