Malware & Ransomware

February 26, 2021 — A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.

The ransomware gang first targeted Ecuador’s Ministry of Finance, the Ministerio de Economía y Finanzas de Ecuador, where they deployed a PHP-based ransomware strain to encrypt a site hosting an online course. Source: BleepingComputer

February 20, 2021 — A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, and security researchers are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. Source: arstechnica

Apple users advised to install latest iPhone and iPad iOS update

March 30, 2021 – Apple users are being urged to install the latest iOS software, which fixes a security issue in both iPhones and iPads.

The tech giant released both iOS 14.4.2 and iPadOS 14.4.2 on Friday which, according to its security support website, relates to WebKit – the web browser engine used by Safari, Mail, App Store and dozens of other iOS apps. Source: 7news

January 15, 2021 — 2020 was a tough year for cybersecurity. Security teams had to secure remote work environments in a matter of days as the COVID-19 pandemic triggered widespread, extended lockdowns. Then, they had to maintain secure operations throughout the year without physical access to the resources they typically use. Meanwhile, ransomware attacks expanded in scale and intensity, sometimes making the majority of an organization’s computers unusable all at once, while also stealing sensitive data. Source: TechTarget

January 4, 2021 — Cybersecurity is an arms race, with defensive tools and training pushing threat actors to adopt even more sophisticated and evasive intrusion techniques as they attempt to gain a foothold in victim networks. Most modern endpoint protection (EPP) services are capable of easily identifying traditional malware payloads as they are downloaded and saved on the endpoint, which means attackers have now turned to fileless malware techniques that never touch the victim’s storage. Source: HelpNetSecurity

December 10, 2020 — A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat affects multiple browsers—Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox—exposing the attackers’ intent to reach as many Internet users as possible. Source: Microsoft 365 Defender Research Team

December 5, 2020 — In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands.

“We’ve seen this trend since at least August-September,” Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet on Friday.


December 3, 2020 — US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned.

Sears Holding Corp originally owned both Kmart and Sears, but after the company filed for bankruptcy in 2018, it was purchased by Transform Holdco LLC (Transformco) in 2019. Source: BleepingComputer

November 24, 2020 — One of South Korea’s largest retailers had to shut down nearly half of its retail stores on Sunday after a ransomware attack. 

E-Land said its corporate network system was attacked early in the morning, forcing it to close 23 of its 50 NC department stores and NewCore outlets. 

According to Yonhap, E-Land quarantined part of its corporate network system to contain the damage and police are now investigating the attack’s origins. Source: Inside Retail

November 19, 2020 — So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim.

You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted.

Too dull?

You could lock infected PCs and display a ghoulish skull on a bright red background (most ransomware seems to insist upon using a shade of red. Maybe the developers have conducted market research as to what Pantone colour is most likely to ensure a swift coughing up of a ransom.)

Too clichéd? Source: Tripwire

November 10, 2020 — Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies’ networks with malware.

Microsoft is warning its customers about the so-called “FakeUpdates” campaigns in a non-public security advisory, according to a report in Bleeping Computer. The campaign is targeting various types of companies, with recent targets in the K-12 education sector, where organizations are currently dependent on using apps like Teams for videoconferencing due to COVID-19 restrictions. Source: ThreatPost


November 5, 2020 — Italian liquor company Campari Group was hit by a Ragnar Locker ransomware attack, in which 2 TB of unencrypted files were allegedly stolen. To recover their files, Ragnar Locker is demanding $15 million.

Campari Group is an Italian beverage company known for its popular liquor brands, including Campari, Frangelico, SKYY vodka, Espolòn, Wild Turkey, and Grand Marnier. Source: Bleeping Computer

October 13, 2020 — Seyfarth Shaw, a global legal firm with Australian offices, said it is the victim of an “aggressive malware” attack that it believes to be ransomware.

The firm, which is headquartered in the US but has a regional presence including in Sydney and Melbourne, said in a statement that it was attacked on October 10 US time. Source: ITNews

October 12, 2020 — Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android’s Home button to lock the device behind a ransom note.

The findings concern a variant of a known Android ransomware family dubbed “MalLocker.B” which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as an obfuscation mechanism to evade security solutions. Source: The Hacker News


October 9, 2020 — Software AG, one of the largest software companies in the world, suffered a ransomware attack over last weekend, and the company has not yet fully recovered from the incident.

A ransomware gang going by the name of “Clop” breached the company’s internal network on Saturday, October 3, encrypted files, and asked for more than $20 million to provide the decryption key. Source: ZDNet


October 8, 2020 — Attackers are persistent and motivated to continuously evolve – and no platform is immune. That is why Microsoft has been working to extend its industry-leading endpoint protection capabilities beyond Windows. The addition of mobile threat defense into these capabilities means that Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection) now delivers protection on all major platforms. Source: Microsoft

October 6, 2020 — Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020.

At the top of the list are Maze, Ryuk, and REvil (Sodinokibi) ransomware families, according to recently published data from Check Point and IBM Security X-Force Incident Response team. Source: Bleeping Computer

September 28, 2020 — CMA CGM has confirmed it has become the latest liner to suffer a cyber attack today. The company stated today that it is currently dealing with a cyber attack impacting peripheral servers. A number of the group’s websites have been down for large parts of Monday.

“As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading,” CMA CGM stated today. Source: Splash 247

September 28, 2020 — UNIVERSAL HEALTH SERVICES, a hospital and health care network with more than 400 facilities across the United States, Puerto Rico, and United Kingdom, suffered a ransomware attack early Sunday morning that has taken down its digital networks at locations around the US. As the situation has spiraled, some patients have reportedly been rerouted to other emergency rooms and facilities and had appointments and test results delayed as a result of the attack. Source: WIRED

September 23, 2020 — Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and ransomware attacks.

Group-IB says the hackers, named OldGremlin, are behind targeted attacks using a new ransomware strain called TinyCryptor (aka decr1pt). Source: ZDNet

Pakistan: September 8, 2020 — K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services.

K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10,000 people. Source: BleepingComputer

Argentina: September 6, 2020 — Argentina’s official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.

While ransomware attacks against cities and local agencies have become all too common, this may be the first known attack against a federal agency that has interrupted a country’s operations. Source: BleepingComputer

August 24, 2020 – Cyber-security firm Group-IB says it identified a group of low-skilled hackers operating out of Iran that has been launching attacks against companies in Asia and attempting to encrypt their networks with a version of the Dharma ransomware. Source: ZDNet

OLATHE, August 5, 2020 — Garmin’s database suffered a ransomware attack — a common form of cyberattack — on July 23, leading to many of the fitness tech company’s services going offline.

The only way to recuperate the data was to obtain the decryption key, held by the hackers and the subject of costly negotiations. And according to documents obtained by Bleeping Computer, the company acquiesced to the payment. Source: Malay Mail

Brazil: July 14, 2020 – Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a strong local flavor, and for a long time they limited their attacks to the customers of local banks. Source: Kaspersky

July 17, 2020 – The UK, Canada and US have accused a Russian hacking group “almost certainly” backed by intelligence services of targeting research into coronavirus vaccines. Source:

July 14, 2020 – Business giant SAP released a patch today for a major vulnerability that impacts the vast majority of its customers. The bug, codenamed RECON, exposes companies to easy hacks, according to cloud security firm Onapsis, who discovered the vulnerability earlier this year, in May, and reported it to SAP to have it patched. Source: ZDNet

July 8, 2020 – Outdated or illegitimate software is like an open door for malicious users. The recent discovery by Kaspersky proves this once again. Source: ESPC

July 7, 2020 – Researchers uncovered new ransomware, known as ‘Try2Cry’, which is striking Windows users by spreading via USB flash drives.

‘Try2Cry’ is a .NET ransomware and a variant of the open-source Stupid ransomware family. Researchers analysed a sample that had initially been mistaken for the DNGuard code protection tool. Source: Cyber Security News