The Week in Ransomware – January 11th 2019 – Access-as-a-Service – BleepingComputer


For the most part it has been a slow week in terms of new ransomware variants being released. However, there was quite a bit of interesting information released about Ryuk.

Researchers from FireEye and CrowdStrike released reports this week that explain how Ryuk partnered with TrickBot in an access-as-a-service arrangement in order to gain access to infected networks. Other reports also came out that lead researchers to believe that the attackers behind Ryuk are Russian, rather than North Korean.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @struppigel, @Seifreed, @fwosar, @jorntvdw, @malwareforme, @malwrhunterteam, @FourOctets, @BleepinComputer, @PolarToffee, @LawrenceAbrams, @ChristiaanBeek, @John_Fokker, @cglyer, @ItsReallyNick, @CrowdStrike, @FireEye, @McAfee_Labs, and @BBC.

January 5th 2019

Batch file ransomware discovered

MalwareHunterTeam found a very simple ransomware that is a batch file called Encoder.bat and uses WinRar to add files to a password-protected archive.


January 7th 2019

GandCrab Operators Use Vidar Infostealer as a Forerunner

Cybercriminals behind GandCrab have added the infostealer Vidar to the process for distributing the ransomware, which helps increase their profits by pilfering sensitive information before encrypting the computer's files.

January 8th 2019

Bridgeport Schools computer network falls victim to cyberattack

The Connecticut Post reports:

The city school district’s computer network was attacked Friday by a virus caused by an outside entity that intended to hold district data hostage for ransom, district officials say.

January 9th 2019

CryptoMix Ransomware Exploits Sick Children to Coerce Payments

With people becoming more aware of ransomware, criminals are coming up with some pretty lowlife schemes in order to coerce victims into paying the ransom. Such is the case with a CryptoMix ransomware variant, which pretends to represent a sick children’s charity and asks for a ransom payment as if it were a charitable donation.

Ryuk Ransomware Attack: Rush to Attribution Misses the Point

In an article by John Fokker and Christiaan Beek of McAfee:

The most likely hypothesis in the Ryuk case is that of a cybercrime operation developed from a tool kit offered by a Russian-speaking actor. From the evidence, we see pattern similarities over the past several months that indicate a tool kit is being used. The actors have targeted several sectors and have asked a high ransom, 500 Bitcoin. Who is responsible? We do not know. But we do know how the malware works, how the attackers operate, and how to detect the threat. That analysis is essential because it allows us to serve our customers.

The cyber-attack that sent an Alaskan community back in time

The BBC reports on the ransomware attack that took out a town in Alaska.

In 2018, a remote Alaskan community’s infrastructure was hit by a malware attack which forced it offline. It was only then they realised how much they depended on computers.

Ahihi Ransomware discovered

MalwareHunterTeam found the Ahihi ransomware, which does not change the extension.

Ransomware ransom note tries to phish PayPal account

MalwareHunterTeam found a new ransom note that also attempts to steal PayPal account credentials through a phishing page.

January 10th 2019

Possible new STOP/Djvu variant

Michael Gillespie is looking for a new ransomware that appends the .pdff extension and drops a note named _openme.txt.

January 11th 2019

Del Rio City Hall Forced to Use Paper After Ransomware Attack

The City Hall of Del Rio, Texas was hit by a ransomware attack on Thursday, which led to multiple computers on the network being turned off and disconnected from the Internet to contain and analyze the malware.

Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks

New research now indicates that the Ryuk actors may be renting other malware as an Access-as-a-Service to gain entrance to a network.

New STOP variants

Michael Gillespie noticed two new STOP variants that were uploaded to ID Ransomware and append the .tfude or the .tro extensions to encrypted file names.

That's it for this week! Hope everyone has a nice weekend!
