Big Week For Ransomware

  /     /     /  
Publicated : 22/11/2024   Category : security


Big Week For Ransomware


Inventive new variants and damaging attacks swept through the headlines this week.



What a week for ransomware. The bullish code that extorts users by locking or encrypting their files and devices has made headlines all week. In case you missed it, heres a roundup.
Israeli Electric Authority
While more information was emerging about the December attack on the electric grid in Ukraine, the Israeli energy sector tried to get in on the action, reporting an attack at the Israel Electric Authority.
Yet, the initial excitement abated when it turned out that the event was a far cry from a major blackout. According to
Rob Lee of the SANS Institute
, The Israel Electric Authority is just a regulatory body, and the attack was simply a ransomware infection affecting some of their 30 employees.
Lincolnshire County Council
The Register
reports that a local government agency in the United Kingdom has fallen victim to a ransomware attack so widespread that its shut the whole place down.
The unnamed ransomware took root in a computer of the Lincolnshire County Council -- which manages local services like libraries, roads, childcare, adult care, education, and vital records -- after a staff member opened a malicious email attachment.
After getting that foothoold, the malware spread and took over 300 computers. The Council told The Register their systems may not be up again until next week.
Faking SalesForce
Meanwhile, Heimdal Security
has found the CryptoWall 4.0 ransomware running a new sophisticated new campaign that ships out phishing messages that appear to come from customer relationship management software giant SalesForce.
The messages use a variety of subject headings that often include the recipients name and reference invoices or contract confirmations. The payload is delivered via malicious attachments.
Heimdal researchers wrote about the CryptoWall teams history of rapidly rolling out new variants. Although version 4.0 just hit the scene in November, Heimdal posits that Cryptowall 5.0 is just around the corner, and may appear as soon as March.
New Android Ransomware
Symantec unearthed
an inventive new strain of Android ransomware that uses a twist on clickjacking to trick users into executing. Lockdroid.E can both encrypt all a victims files on the device and take full administrative control of the Android device. 
Lockdroid poses as a porn app (only available on third-party stores, not the official Google Play shop). The app tells the user it is installing a package -- displaying a message that states please wait, unpacking the components -- while its actually busy encrypting all your files while you wait.
When its done with that part of its nefarious work, Lockdroid displays a screen informing the user that the installation is complete and instructs them to click the continue button. Little does the user know that the screen they see is just an image overlay, and the button theyre actually clicking is to activate the NastyDevAdmin application that gives the attacker authority to lock the screen, change the PIN, and delete files.
Symantec says nearly 67 percent of Android devices are at risk to this threat.
A Greedy New Brand
Bleeping Computer
spotted another new piece of kit that breaks the usual ransomware business model. Normally, operators go for volume, distributing their code widely and setting their ransom in the modest $300 range, though Cryptowall 4.0 upped the ante to $700.
The 7ev3n ransomware has gone a different direction. So far only one victim has been seen and the demand is a payoff of 13 Bitcoin, or about $5,000.
Thats not the only way 7ev3n is unique. Although the infection at the solitary victim organization spread to multiple endpoints, the initial infection was in a server, not a client device. Plus, it combines both old-school ransomware and crypto-ransomware tactics -- encrypting files
and
locking the entire device.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Big Week For Ransomware