US Conference of Mayors adopts a resolution to never pay off ransomware attackers

As city after city has remitted hundreds of thousands of dollars to pay off ransomware criminals who hijacked their crucial systems, the US Conference of Mayors has unanimously adopted a resolution to never pay these ransoms again, on the basis that these payments "encourage continued attacks on other government systems, as perpetrators financially benefit,"

Less than 1 week after Florida town pays ransomware gang ~$600K, another Florida town votes to pay ~$500K in BTC to ransomware gang

It hasn't even been a full week since Riviera City, a town that fell victim to ransomware hackers, paid almost $600,000 in an attempt to regain control of vital city networks. Today, there's news that the government of yet another Florida town, Lake City, has voted to pay $500,000 in bitcoin to hackers for the same.

Report: UK "Ransomware consultants" Red Mosquito promise to unlock your data, but they're just paying off the criminals (and charging you a markup!)

Last month, ProPublica published a blockbuster investigative report on companies that claimed they could help you get your ransomware-locked data back, but who were secretly just paying off the criminals -- one company got so good at it that ransomware criminals started to refer their victims to them.

Learning from Baltimore's disaster, Florida city will pay criminals $600,000 to get free of ransomware attack

The city council of Riviera Beach, Florida has voted unanimously to pay $600,000 to criminals who seized control of the city's computers through a ransomware attack, after three weeks of being locked out of the city systems (the city has also voted to spend $1m replacing its computers).

The government of Baltimore has been taken hostage by ransomware and may remain shut down for weeks

Nearly two weeks after the city of Baltimore's internal networks were compromised by the Samsam ransomware worm, the city is still weeks away from recovering services -- that's weeks during which the city is unable to process utility payments or municipal fines, register house sales, or perform other basic functions of city governance.

Grifty "information security" companies promised they could decrypt ransomware-locked computers, but they were just quietly paying the ransoms

Ransomware has been around since the late 1980s, but it got a massive shot in the arm when leaked NSA cyberweapons were merged with existing strains of ransomware, with new payment mechanisms that used cryptocurrencies, leading to multiple ransomware epidemics that locked up businesses, hospitals, schools, and more (and then there are the state-level cyberattacks that pretend to be ransomware).

Prolific "porn blackmailer" jailed for six years

Zain Qaiser, from Barking in London, scammed millions of pounds out of website visitors and is off to jail. He may be the world's most prolific ransomware distributor, reports the BBC, exposed in a trial that focused on easy-to-blackmail porn site visitors.

Qaiser, 24, was jailed for more than six years at Kingston Crown Court. The court heard he is the most prolific cyber criminal to be sentenced in the UK. Judge Timothy Lamb QC said: "The harm caused by your offending was extensive - so extensive that there does not appear to be a reported case involving anything comparable." ...

Qaiser was first arrested almost five years ago - but the case has been delayed because of the complexity of the investigation and mental health concerns. Initially working from his bedroom at his family home in Barking, Qaiser began to make money through "ransomware" attacks when he was only 17 years old.


PewDiePie fan unleashes ransomware that encrypts hard drives until he gets 100M subscribers

YouTuber PewDiePie has more subscribers than anyone else on the network, and some of his rabid fans have released at least two ransomware strains that encrypt hard drives and display a notice that informs victims that a decryption key will be made available only when PewDiePie's account gets 100 million subscribers. One of the ransomware strains also warned victims that if, at any time, the Indian Bollywood channel T-Series gets more subscribers than PewDiePie, the decryption key will not be released.

From ZD Net:

Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.

Yesterday, the team at Emsisoft released their own decrypter app based on these two tools, meaning victims can recover files without having to wait months until PewDiePie reached 100 million subscribers.

Both ransomware strains show the level of idiocy the competition for YouTube's top spot has reached. While T-Series fans have remained mostly quiet most of this time, a portion of PewDiePie's fans appears to have lost their minds and engaged in media stunts bordering on criminal behavior.

They've defaced sites, taken over printers, and hijacked thousands of Chromecasts and smart TVs to spew out messages of support and the now-classical "subscribe to PewDiePie."

The message itself has become a meme, and not in a good way.


Ships are just giant floating computers, filled with ransomware, BadUSB, and worms

A coalition of shipping industry associations has published The Guidelines on Cyber Security Onboard Ships, laying out best practices for the giant ships that ply the seas, and revealing that these behemoths are routinely infected with worms, ransomware, and malware spread by infected USB devices.

NHS okays hospitals and doctors storing patient data on public cloud servers

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers.

No More Ransom: a clearinghouse for removing ransomware without paying

No More Ransom is a joint effort by Europol, the Dutch police, Kaspersky and McAfee to help people who've been compromised by ransomware get their data back without paying off criminals.

A new, virulent ransomware epidemic is fuelled by yet another leaked NSA cyberweapon

The global epidemic of Wannacry ransomware infections was the result of petty criminals fusing an old ransomware strain with a leaked NSA cyberweapon that was released by The Shadow Brokers, and the result was tens of millions of dollars' worth of economic harm.

Simple steps your small organization can take to defend itself against cyberattacks

Respected security researcher Dan Wallach from Rice University has published a short (18 page) guide to securing small organizations against three kinds of cyberattack: Untargeted, remote (spammers, phishers, ransomware griefers, etc.); Targeted, remote (spear phishers); and Targeted, in person (immigration agents, police, criminal trespass).

Global Wannacry payout: $140,000 -- a superweapon in the hands of dum-dums

The Wannacry worm burned through the world's unpatched IT systems, hitting more than 80 countries in 24 hours, taking down hospitals, airlines, banks and logistics companies, until a hidden killswitch was able to halt its spread.

That "ransomware" attack was really a cyberattack on Ukraine

According to Kaspersky, the Petya ransomware that raced around the world this week wasn't ransomware at all, and there is no way to get back your files after it does its work (that's why it was so easy to shut down the email address the ransomware used to negotiate payments and decryption with victims whose computers had been taken over).

Ransomware crook's email provider shuts down account, so now no one can pay their ransom

Yesterday's massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware's author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account.

New massive ransomware attack paralyzing European banks, airports, government departments

Hot on the heels of the WannaCry attack, a massive new ransomware attack has struck Europe, shutting down systems in Ukraine, Britain, and Spain.

From The Telegraph:

The virus is believed to be ransomware - a piece of malicious software that shuts down a computer system and then demands an extortionate sum of money to fix the problem.

It comes just a few weeks after the WannaCry hack which affected more than 150 countries and crippled parts of the NHS.

American and British analysts believe that attack, which unfolded in May, was carried out by North Korea. It remains unclear who is responsible for Tuesday's attack.

From Wired:

It's not yet clear where the wave of attacks originated or who is behind it. "Everyone talked about Ukraine first, but I don't know. It's worldwide," says MalwareHunterteam, a researcher with the MalwareHunterTeam analysis group.

Most troubling, perhaps, is that Petya doesn't appear to suffer the same errors that stunted WannaCry's spread. The amateurish mistakes that marked that outbreak limited both the scope and the eventual payouts collected; it even included a "kill switch" that shut it off entirely after just a couple of days.

Image: Christiaan Colen
