jm + ransomware   4

REvil Ransomware
Kevin Beaumont is calling this 'totally out of control'; 'the quiet cover up by companies paying ransoms is creating advanced attackers operating at a skill and capability which are going to be very difficult to defend against':
We’ve seen 150 000 unique infections in the past 5 months. And a total of 148 samples together demanding more than 38 million dollars. Some of the attacks are on a huge scale, encrypting over 3000 unique systems in one attack. Some of these attacks were discussed in the news, but many companies remained silent. Keep in mind we have limited visibility of all samples; we only extract samples from pastebin. For the infection traffic we don’t have visibility on samples that disable the C2 traffic. Next to this, not every sample hits all of the C2 domains. All statistics shown in this blog are a subset of the total scale. The actual problem is even bigger than we can measure. [....]

With the rise of more mature and big malicious businesses relying on ransomware, it is apparent that infosec plays a crucial role. The most important step for us as a security industry is secure offsite backups that are not removable from the network or using privileges acquired within the network. After that we can spend time actually securing our networks.
revil  ransomware  security  malware  ransoms  via:gossi 
26 days ago by jm
massive Travelex outage
The holiday money exchange site has been offline for the past 7 days, reportedly due to a ransomware infection, with 5GB of PII data exfiltrated
travelex  fail  security  exploits  ransomware  malware  outages 
6 weeks ago by jm
Talos Intelligence review of Nyetya and the M.E.Doc compromise
Our Threat Intelligence and Interdiction team is concerned that the actor in question burned a significant capability in this attack. They have now compromised both their backdoor in the M.E.Doc software and their ability to manipulate the server configuration in the update server. In short, the actor has given up the ability to deliver arbitrary code to the 80% of UA businesses that use M.E.Doc as their accounting software, along with any multinational corporations that leveraged the software. This is a significant loss in operational capability, and the Threat Intelligence and Interdiction team assesses with moderate confidence that it is unlikely that they would have expended this capability without confidence that they now have or can easily obtain similar capability in target networks of highest priority to the threat actor.
security  malware  nyetya  notpetya  medoc  talos  ransomware 
july 2017 by jm
Global ‘Wana’ Ransomware Outbreak Earned Perpetrators [just] $26,000 So Far
As thousands of organizations work to contain and clean up the mess from this week’s devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam.
money  fraud  ransomware  wana  brian-krebs  bitcoin  cryptocurrency  viruses 
may 2017 by jm