Displaying items by tag: Emsisoft

A ransomware gang has warned victims that any data that has been exfiltrated from their networks during attacks would be destroyed were they to contact companies to negotiate ransom payments.

The people behind a new ransomware group, Groove, have threatened to start attacking public sector businesses in Ukraine if the government of that country does not stop extraditing citizens to the US.

The chief technology officer of New Zealand-headquartered Emsisoft, a firm well known for its efforts in helping ransomware victims, has poked fun at the "new 'innovative' ways people will claim to be the next big fix for ransomware".

ANALYSIS Claims that the Colonial Pipeline Company paid US$5 million as a ransom to the group behind the DarkSide Windows ransomware after it was attacked on 7 May need to be taken with a pinch of salt, seeing as the report was an "exclusive" from Bloomberg.

Australian healthcare provider UnitingCare Queensland has identified the Windows ransomware that hit its systems on 25 April as the REvil strain, aka Sodinokibi.

Billions of dollars of damage has been caused by ransomware to both business and home users in the last 12 months, the New Zealand-headquartered security firm Emsisoft says in figures released on Tuesday, adding that the average ransom demand increased by more than 80% during the same period, with a total of US$18 billion (A$23.2 billion) paid in ransoms globally.

Claims that a leak of the user data of 533 million Facebook users has just taken place is a bit of a stretch. A major part of this data has been out on the Web for a long time.

In a strictly legal sense, Nine Entertainment is correct in continuing to push the notion that it has not received a ransom note after it announced on 28 March that it had fallen victim to what was described as a "cyber attack", a senior security researcher has told iTWire.

Incident response firm Coveware has deleted a small portion of an article it had posted online in 2019, after the actors behind the REvil ransomware group — also known as Sodinokibi — used it to promote the efficiency of their own decryptor over that of the one used by rival ransomware actor, Ryuk.

Microsoft's Remote Desktop Protocol tool was the attack vector of choice for ransomware attackers in 2020 as they stepped up as the pandemic created an environment suitable for this malware genre to thrive.

Security firm Qualys has become the latest to be affected by a breach of a file transfer system manufactured by the firm Accellion, the company says.

Law enforcement authorities in France and Ukraine have joined forces to arrest a number of people in Ukraine who were using the Windows Egregor ransomware to make money.

Polish video game developer CD Projekt, a company that is known for its game series The Witcher and the CyberPunk 2077 project, says it has suffered an attack from unspecified ransomware, but claims that users' personal data has not been affected.

Ransomware continued on its merry ways in the US public sector in 2020, with 2354 attacks on government, healthcare facilities and schools. The attacks have been only on systems running Microsoft's Windows operating system.

One of the many tools used by multiple ransomware groups in a similar way — suggesting that they are being used by ransomware-as-a-service affiliates — is the Windows backdoor SystemBC, global cyber security vendor Sophos claims.

Two banks in India have been reported to be among the latest businesses to suffer from Windows ransomware attacks, with Nav Jeevan Co-operative Bank taking a hit from the Egregor ransomware while the IDFC First Bank was attacked by a gang using the Everest ransomware. But the latter has now denied it was affected.

Ransomware gangs have shown themselves to be an innovative lot, incorporating more and more tactics as they look to extort money from their victims and this trend will continue into the new year, a veteran researcher of this brand of malware says.

The cyber criminals behind the ransomware attack on Italian liqueur manufacturer Campari Group have taken their efforts to publicise the intrusion in a different direction, infiltrating the Facebook page of an entertainment event organiser and posting an ad and news about the attack there.

Ransomware attacks have grown massively in number over the last 12 months and these days most attacks on Windows systems are invariably through the use of this genre of malware.

A total of 809 ransomware attacks have taken place in the last 12 months, according to DarkTracer, a company that develops a dark web intelligence platform.