Baltimore ransomware nightmare could last weeks more, with big consequences It’s been nearly two weeks since the City of Baltimore’s networks were shut down in response to a ransomware attack, and there’s still no end in sight to the attack’s impact. It may be weeks more before the city’s services return to something resembling normal—manual workarounds are being put in place to handle some services… Read More
DBGer Ransomware Uses EternalBlue and Mimikats to Spread Across Networks The change was not only in name but also in the ransomware’s modus operandi. According to the researcher, whose discovery was later confirmed by an Intezer code similarity analysis, the new (Satan) DBGer ransomware now also incorporates Mimikatz, an open-source password-dumping utility. The purpose of DBGer incorporating Mimikatz is for lateral movement inside compromised networks.… Read More
Years of Police Dashcam Video Lost in Atlanta Ransomware Incident The Atlanta Police Department has lost years worth of police car dashcam videos following the March ransomware attack that affected most of the city’s IT infrastructure. Chief Shields said footage from body-worn cameras was not compromised in the cyber-attack that crippled Atlanta city IT systems for almost two months, but only videos recorded by police… Read More
Police Dept Loses 10 Months of Work to Ransomware. Gets Infected a Second Time Secret Service agents are now investigating the point of entry for both infections, hoping to find clues and track down the hackers. The first ransomware infection took place on April 23, last month and encrypted ten months worth of work data related to active investigations. Officials said they didn’t pay the ransom and were able… Read More
SynAck targeted ransomware uses the Doppelgänging technique The Process Doppelgänging technique was first presented in December 2017 at the BlackHat conference. Since the presentation several threat actors have started using this sophisticated technique in an attempt to bypass modern security solutions. In April 2018, we spotted the first ransomware employing this bypass technique – SynAck ransomware. It should be noted that SynAck… Read More
School District Pays $10,000 Bitcoin Ransom To Hackers After Cyberattack And despite the nefarious nature of the school system’s lockdown, there is no criminal investigation into the matter because solving this crime is “impossible,” said Interim Leominster Police Chief Michael Goldman. Source: cbslocal… Read More
Spartacus ransomware: introduction to a strain of unsophisticated malware There is nothing impressive about them, in fact just the opposite. I would say they are boring at best. So why are we writing about one of them? The analysis of Spartacus can essentially be used as a base knowledge and reference for anyone analyzing variants of these basic .NET ransomware that they may come… Read More
New C# Ransomware Compiles itself at Runtime A new in-development ransomwarewas discovered that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executablescompiles an embedded encrypted C# program at runtime and launches it directly into memory. Source: bleepingcomputer… Read More
Atlanta Spent $2.6M to Recover From $52,000 Ransomware Scare The City of Atlanta spent more than $2.6 million on emergency efforts to respond to a ransomware attack that destabilized municipal operations last month. Attackers, who infected the city’s systems with the pernicious SamSam malware, asked for a ransom of roughly $50,000 worth of bitcoin. (The exact value has fluctuated due to bitcoin’s volatility.) Atlanta… Read More
Microsoft Engineer Charged in Reveton Ransomware Case The accused is Raymond Uadiale, 41, a naturalized US citizen of Nigerian descent, who currently works for Microsoft in Seattle since 2014, according to his LinkedIn page. Source: bleepingcomputer… Read More