#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

ransomware attack | Breaking Cybersecurity News | The Hacker News

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

Dec 04, 2018
A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is continuously increasing every hour. What's Interesting? Unlike almost every ransomware malware, the new virus doesn't demand ransom payments in Bitcoin. Instead, the attacker is asking victims to pay 110 yuan (nearly USD 16) in ransom through WeChat Pay—the payment feature offered by China's most popular messaging app. Ransomware + Password Stealer — Unlike WannaCry and NotPetya ransomware outbreaks that caused worldwide chaos last year, the new Chinese ransomware has been targeting only Chinese users. It also includes an additional ability to steal users' account passwords for Alipay, NetEase 163 email service, Baidu Cloud Disk, Jingdong (JD.com), Taobao, Tmall , AliWangWang, and QQ websites. A Supply Chain Attack — According to Chinese cybers
U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks

U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks

Nov 28, 2018
The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud charges, the indictment unsealed today at New Jersey court revealed. The duo used SamSam ransomware to extort over $6 million in ransom payments since 2015, and also caused more than $30 million in damages to over 200 victims, including hospitals , municipalities, and public institutions. According to the indictment, Savandi and Mansouri have been charged with a total of six counts, including one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two counts of intentional damage to a protected computer, and two counts of transmitting a demand in relation to damaging a protected computer. Si
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
New Malware Combines Ransomware, Coin Mining and Botnet Features in One

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

Sep 19, 2018
Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new malware, believed to be tied to the Iron Group, a.k.a. Rocke—the Chinese speaking APT threat actors group known for previous cyber attacks involving ransomware and cryptocurrency miners . According to the researchers from security vendor Palo Alto Networks, who uncovered the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as worm-like ability similar to WannaCry or Petya/ NotPetya . In addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organization's network. Developed in Python, XBash hunts for vul
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Ransomware Attack Takes Down Bristol Airport's Flight Display Screens

Ransomware Attack Takes Down Bristol Airport's Flight Display Screens

Sep 17, 2018
Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend. The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights. The attack forced the airport officials to take down its systems and use whiteboards and paper posters to announce check-in and arrival information for flights going through the airport and luggage pickup points for all Friday, Saturday, and the subsequent night. "We are currently experiencing technical problems with our flight information screens," a post on the Bristol Airport's official Twitter feed read on Friday. "Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passeng
Former Microsoft Engineer Gets Prison for Role in Reveton Ransomware

Former Microsoft Engineer Gets Prison for Role in Reveton Ransomware

Aug 15, 2018
A former Microsoft network engineer who was charged in April this year has now been sentenced to 18 months in prison after pleading guilty to money laundering in connection with the Reveton ransomware. Reveton malware is old ransomware, also known as scareware or police ransomware that instead of encrypting files locks the screen of victims' computers and displays a message purporting to come from a national law enforcement agency. The splash screen of the malware was designed to falsely tell unsuspecting victims that they have been caught doing illegal or malicious activities online or the law enforcement had found illegal material on their computer, forcing users to make pay a "fine" of $200-300 within 48 hours to regain access to their computers. Raymond Odigie Uadiale, 41-year-old, who worked as a Microsoft network engineer, is not the actual author of the Reveton ransomware , but he helped the Reveton distributor, residing in the UK and identified as the online
TSMC Chip Maker Blames WannaCry Malware for Production Halt

TSMC Chip Maker Blames WannaCry Malware for Production Halt

Aug 07, 2018
Taiwan Semiconductor Manufacturing Company (TSMC)—the world's largest makers of semiconductors and processors—was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus. Now, it turns out that the computer virus outbreak at Taiwan chipmaker was the result of a variant of WannaCry —a massive ransomware attack that wreaked havoc across the world by shutting down hospitals, telecom providers, and many businesses in May 2017. TSMC shut down an entire day of production this weekend after several of its factories systems were halted by a computer virus in the middle of the ramp-up for chips to be used by Apple's future lines of iPhones, which could impact revenue by approx $256 million. According to the semiconductor manufacturer, its computer systems were not direct attacked by any hacker, but instead, were exposed to the malware "when a supplier installed tainted software without a virus scan" to TSMC&
SamSam Ransomware Attacks Extorted Nearly $6 Million

SamSam Ransomware Attacks Extorted Nearly $6 Million

Jul 31, 2018
Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam being a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started distributing the malware in the wild. Researchers at Sophos have tracked Bitcoin addresses owned by the attackers mentioned on ransom notes of each SamSam version and found the attackers have received more than $5.9 million from just 233 victims, and their profits are still on the rise, netting around $300,000 per month. "In total, we have now identified 157 unique addresses which have received ransom payments as well as 89 addresses which have been used on ransom notes and sample files but, to date, have not received payments," the new report by Sophos reads. SamSam Ransomware Attacks > What makes SamSam stand out from other forms of ransomware is that SamSam is not distributed
World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware

World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware

Nov 27, 2017
A massive malicious email campaign that stems from the world's largest spam botnet Necurs is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. The popular malspam botnet Necrus which has previously found distributing Dridex banking trojan , Trickbot banking trojan , Locky ransomwar e, and Jaff ransomware , has now started spreading a new version of Scarab ransomware. According to F-Secure , Necurs botnet is the most prominent deliverer of spam emails with five to six million infected hosts online monthly and is responsible for the biggest single malware spam campaigns. Scarab ransomware is a relatively new ransomware family that was initially spotted by ID Ransomware creator Michael Gillespie in June this year. Massive Email Campaign Spreads Scarab Ransomware According to a blog post published by security firm Forcepoint, the massive email campaign spreading Scarab ransomware virus started at
Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread

Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread

Oct 27, 2017
A new widespread ransomware worm, known as " Bad Rabbit ," that hit over 200 major organisations, primarily in Russia and Ukraine this week leverages a stolen NSA exploit released by the Shadow Brokers this April to spread across victims' networks. Earlier it was reported that this week's crypto-ransomware outbreak did not use any National Security Agency-developed exploits, neither EternalRomance nor EternalBlue , but a recent report from Cisco's Talos Security Intelligence revealed that the Bad Rabbit ransomware did use EternalRomance exploit. NotPetya ransomware (also known as ExPetr and Nyetya) that infected tens of thousands of systems back in June also leveraged the EternalRomance exploit , along with another NSA's leaked Windows hacking exploit EternalBlue, which was used in the WannaCry ransomware outbreak. Bad Rabbit Uses EternalRomance SMB RCE Exploit Bad Rabbit does not use EternalBlue but does leverage EternalRomance RCE exploit to spread
Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe

Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe

Oct 24, 2017
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours. Dubbed " Bad Rabbit ," is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems. According to an initial analysis provided by the Kaspersky, the ransomware was distributed via drive-by download attacks, using fake Adobe Flash players installer to lure victims' in to install malware unwittingly. "No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We've detected a number of compromised websites, all of which were news or media websites." Kaspersky Lab said . However, security researchers at ESET have detected Bad Rabbit malware as ' Win32/Diskcoder.D ' —
Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users

Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users

Aug 31, 2017
Whenever we feel like the Locky ransomware is dead, the notorious threat returns with a bang . Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware . Lukitus Campaign Sends 23 Million Emails in 24 Hours The campaign spotted by researchers at AppRiver sent out more than 23 million messages containing Locky ransomware in just 24 hours on 28 August across the United States in what appears to be one of the largest malware campaigns in the second half of this year. According to the researchers, the emails sent out in the attack were "extremely vague," with subjects lines such as "please print," "documents," "images," "photos," "pictures," and "scans" in an attempt to convince victims into infecting themselves with Locky ransomware. The email comes with a ZIP attachment (hiding the malware payload) tha
Warning: Two Dangerous Ransomware Are Back – Protect Your Computers

Warning: Two Dangerous Ransomware Are Back – Protect Your Computers

Aug 15, 2017
Ransomware has been around for a few years but has become an albatross around everyone's neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars. In just past few months, we saw a scary strain of ransomware attacks including WannaCry , Petya and LeakerLocker , which made chaos worldwide by shutting down hospitals, vehicle manufacturing, telecommunications, banks and many businesses. Before WannaCry and Petya , the infamous Mamba full-disk-encrypting ransomware and the Locky ransomware had made chaos across the world last year, and the bad news is—they are back with their new and more damaging variants than ever before. Diablo6: New Variant of Locky Ransomware First surfaced in early 2016, Locky has been one of the largest distributed ransomware infections, infecting organisations across the globe. By tricking victims into clicking on a malicious attachment, Locky ransomware encrypt
Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

Aug 10, 2017
Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe around 45 days ago. However, the story is not as simple as it seems, which portrayed this man as a criminal. I recommend you to read complete article to understand the case better and then have an opinion accordingly. Sergey Neverov (Сергей Неверов), father of two sons and the resident of the southern city of Nikopol, is a video blogger and computer enthusiast who was arrested by the Ukrainian police on Monday, August 7 from his home. What Neverov Did? According to a press release published on Thursday by the Ukrainian cyber police department, Neverov uploaded a video, showing how to infect a computer with Petya.A ransomware—and also shared a download link for NotPetya malware to his social media
Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

Aug 03, 2017
The cyber criminals behind the global WannaCry ransomware attack that caused chaos worldwide have finally cashed out their ransom payments. Nearly three months ago, the WannaCry ransomware shut down hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of computers in more than 150 countries, encrypting files and then charging victims $300-$600 for the keys. WannaCry was really bad, as the nasty ransomware forced the British NHS (National Health Service) to shut down hospitals and doctor's surgeries, and infected a Spanish telecommunications company and Russian mobile operator, among much more. Even a month after the outbreak, the WannaCry ransomware was found infecting systems at Honda Motor Company , forcing the factory to shut down its production, and 55 speed and traffic light cameras in Victoria, Australia. Overall, the hackers behind WannaCry made $140,000 in Bitcoins from the victims who paid for the decryption keys—but for
[Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack

[Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack

Jul 05, 2017
Ukrainian National Police has released a video showing officers raiding company of M.E.Doc accounting software makers, whose systems have been linked to outbreak of Petya (NotPetya) ransomware that recently infected computers of several major companies worldwide. On 4th July, masked police officers from Ukrainian anti-cybercrime unit — carrying shotguns and assault rifles — raided the software development firm " Intellect Service, " in the capital city Kyiv and seized their servers, which were reportedly compromised by hackers to spread (ExPetr, PetrWrap, Petya, NotPetya) ransomware. Researchers from ESET security firm have found a very stealthy malicious code in the M.E.Doc software update which was injected by an unknown hacker or group of hackers in mid-April by exploiting a vulnerability. The malicious software upgrade, designed to install a backdoor and give unauthorized remote access to attackers, was then delivered as an update to nearly 1 million computers belonging
Original Author of Petya Ransomware is Back & He Wants to Help NotPetya Victims

Original Author of Petya Ransomware is Back & He Wants to Help NotPetya Victims

Jun 29, 2017
The author of original Petya ransomware is back. After 6 months of silence, the author of the now infamous Petya ransomware appeared today on Twitter to help victims unlock their files encrypted by a new version of Petya, also known as NotPetya . "We're back having a look in NotPetya," tweeted Janus, a name Petya creator previously chose for himself from a villain in James Bond. "Maybe it's crackable with our privkey. Please upload the first 1MB of an infected device, that would help." This statement made by the Petya author suggests he may have held onto a master decryption key , which if it works for the new variant of Petya infected files, the victims would be able to decrypt their files locked in the recent cyber outcry. Janus sold Petya as a Ransomware-as-a-Service (RaaS) to other hackers in March 2016, and like any regular ransomware, original Petya was designed to lock victim's computer, then return them when a ransom is paid. This
Cybersecurity Resources