#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

ransomware attack | Breaking Cybersecurity News | The Hacker News

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

Dec 04, 2018
A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is continuously increasing every hour. What's Interesting? Unlike almost every ransomware malware, the new virus doesn't demand ransom payments in Bitcoin. Instead, the attacker is asking victims to pay 110 yuan (nearly USD 16) in ransom through WeChat Pay—the payment feature offered by China's most popular messaging app. Ransomware + Password Stealer — Unlike WannaCry and NotPetya ransomware outbreaks that caused worldwide chaos last year, the new Chinese ransomware has been targeting only Chinese users. It also includes an additional ability to steal users' account passwords for Alipay, NetEase 163 email service, Baidu Cloud Disk, Jingdong (JD.com), Taobao, Tmall , AliWangWang, and QQ websites. A Supply Chain Attack — According to Chinese cybers
U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks

U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks

Nov 28, 2018
The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud charges, the indictment unsealed today at New Jersey court revealed. The duo used SamSam ransomware to extort over $6 million in ransom payments since 2015, and also caused more than $30 million in damages to over 200 victims, including hospitals , municipalities, and public institutions. According to the indictment, Savandi and Mansouri have been charged with a total of six counts, including one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two counts of intentional damage to a protected computer, and two counts of transmitting a demand in relation to damaging a protected computer. Si
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
New Malware Combines Ransomware, Coin Mining and Botnet Features in One

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

Sep 19, 2018
Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new malware, believed to be tied to the Iron Group, a.k.a. Rocke—the Chinese speaking APT threat actors group known for previous cyber attacks involving ransomware and cryptocurrency miners . According to the researchers from security vendor Palo Alto Networks, who uncovered the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as worm-like ability similar to WannaCry or Petya/ NotPetya . In addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organization's network. Developed in Python, XBash hunts for vul
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Ransomware Attack Takes Down Bristol Airport's Flight Display Screens

Ransomware Attack Takes Down Bristol Airport's Flight Display Screens

Sep 17, 2018
Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend. The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights. The attack forced the airport officials to take down its systems and use whiteboards and paper posters to announce check-in and arrival information for flights going through the airport and luggage pickup points for all Friday, Saturday, and the subsequent night. "We are currently experiencing technical problems with our flight information screens," a post on the Bristol Airport's official Twitter feed read on Friday. "Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passeng
Former Microsoft Engineer Gets Prison for Role in Reveton Ransomware

Former Microsoft Engineer Gets Prison for Role in Reveton Ransomware

Aug 15, 2018
A former Microsoft network engineer who was charged in April this year has now been sentenced to 18 months in prison after pleading guilty to money laundering in connection with the Reveton ransomware. Reveton malware is old ransomware, also known as scareware or police ransomware that instead of encrypting files locks the screen of victims' computers and displays a message purporting to come from a national law enforcement agency. The splash screen of the malware was designed to falsely tell unsuspecting victims that they have been caught doing illegal or malicious activities online or the law enforcement had found illegal material on their computer, forcing users to make pay a "fine" of $200-300 within 48 hours to regain access to their computers. Raymond Odigie Uadiale, 41-year-old, who worked as a Microsoft network engineer, is not the actual author of the Reveton ransomware , but he helped the Reveton distributor, residing in the UK and identified as the online
TSMC Chip Maker Blames WannaCry Malware for Production Halt

TSMC Chip Maker Blames WannaCry Malware for Production Halt

Aug 07, 2018
Taiwan Semiconductor Manufacturing Company (TSMC)—the world's largest makers of semiconductors and processors—was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus. Now, it turns out that the computer virus outbreak at Taiwan chipmaker was the result of a variant of WannaCry —a massive ransomware attack that wreaked havoc across the world by shutting down hospitals, telecom providers, and many businesses in May 2017. TSMC shut down an entire day of production this weekend after several of its factories systems were halted by a computer virus in the middle of the ramp-up for chips to be used by Apple's future lines of iPhones, which could impact revenue by approx $256 million. According to the semiconductor manufacturer, its computer systems were not direct attacked by any hacker, but instead, were exposed to the malware "when a supplier installed tainted software without a virus scan" to TSMC&
SamSam Ransomware Attacks Extorted Nearly $6 Million

SamSam Ransomware Attacks Extorted Nearly $6 Million

Jul 31, 2018
Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam being a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started distributing the malware in the wild. Researchers at Sophos have tracked Bitcoin addresses owned by the attackers mentioned on ransom notes of each SamSam version and found the attackers have received more than $5.9 million from just 233 victims, and their profits are still on the rise, netting around $300,000 per month. "In total, we have now identified 157 unique addresses which have received ransom payments as well as 89 addresses which have been used on ransom notes and sample files but, to date, have not received payments," the new report by Sophos reads. SamSam Ransomware Attacks > What makes SamSam stand out from other forms of ransomware is that SamSam is not distributed
World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware

World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware

Nov 27, 2017
A massive malicious email campaign that stems from the world's largest spam botnet Necurs is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. The popular malspam botnet Necrus which has previously found distributing Dridex banking trojan , Trickbot banking trojan , Locky ransomwar e, and Jaff ransomware , has now started spreading a new version of Scarab ransomware. According to F-Secure , Necurs botnet is the most prominent deliverer of spam emails with five to six million infected hosts online monthly and is responsible for the biggest single malware spam campaigns. Scarab ransomware is a relatively new ransomware family that was initially spotted by ID Ransomware creator Michael Gillespie in June this year. Massive Email Campaign Spreads Scarab Ransomware According to a blog post published by security firm Forcepoint, the massive email campaign spreading Scarab ransomware virus started at
Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread

Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread

Oct 27, 2017
A new widespread ransomware worm, known as " Bad Rabbit ," that hit over 200 major organisations, primarily in Russia and Ukraine this week leverages a stolen NSA exploit released by the Shadow Brokers this April to spread across victims' networks. Earlier it was reported that this week's crypto-ransomware outbreak did not use any National Security Agency-developed exploits, neither EternalRomance nor EternalBlue , but a recent report from Cisco's Talos Security Intelligence revealed that the Bad Rabbit ransomware did use EternalRomance exploit. NotPetya ransomware (also known as ExPetr and Nyetya) that infected tens of thousands of systems back in June also leveraged the EternalRomance exploit , along with another NSA's leaked Windows hacking exploit EternalBlue, which was used in the WannaCry ransomware outbreak. Bad Rabbit Uses EternalRomance SMB RCE Exploit Bad Rabbit does not use EternalBlue but does leverage EternalRomance RCE exploit to spread
Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe

Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe

Oct 24, 2017
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours. Dubbed " Bad Rabbit ," is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems. According to an initial analysis provided by the Kaspersky, the ransomware was distributed via drive-by download attacks, using fake Adobe Flash players installer to lure victims' in to install malware unwittingly. "No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We've detected a number of compromised websites, all of which were news or media websites." Kaspersky Lab said . However, security researchers at ESET have detected Bad Rabbit malware as ' Win32/Diskcoder.D ' —
Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users

Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users

Aug 31, 2017
Whenever we feel like the Locky ransomware is dead, the notorious threat returns with a bang . Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware . Lukitus Campaign Sends 23 Million Emails in 24 Hours The campaign spotted by researchers at AppRiver sent out more than 23 million messages containing Locky ransomware in just 24 hours on 28 August across the United States in what appears to be one of the largest malware campaigns in the second half of this year. According to the researchers, the emails sent out in the attack were "extremely vague," with subjects lines such as "please print," "documents," "images," "photos," "pictures," and "scans" in an attempt to convince victims into infecting themselves with Locky ransomware. The email comes with a ZIP attachment (hiding the malware payload) tha
Warning: Two Dangerous Ransomware Are Back – Protect Your Computers

Warning: Two Dangerous Ransomware Are Back – Protect Your Computers

Aug 15, 2017
Ransomware has been around for a few years but has become an albatross around everyone's neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars. In just past few months, we saw a scary strain of ransomware attacks including WannaCry , Petya and LeakerLocker , which made chaos worldwide by shutting down hospitals, vehicle manufacturing, telecommunications, banks and many businesses. Before WannaCry and Petya , the infamous Mamba full-disk-encrypting ransomware and the Locky ransomware had made chaos across the world last year, and the bad news is—they are back with their new and more damaging variants than ever before. Diablo6: New Variant of Locky Ransomware First surfaced in early 2016, Locky has been one of the largest distributed ransomware infections, infecting organisations across the globe. By tricking victims into clicking on a malicious attachment, Locky ransomware encrypt
Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

Aug 10, 2017
Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe around 45 days ago. However, the story is not as simple as it seems, which portrayed this man as a criminal. I recommend you to read complete article to understand the case better and then have an opinion accordingly. Sergey Neverov (Сергей Неверов), father of two sons and the resident of the southern city of Nikopol, is a video blogger and computer enthusiast who was arrested by the Ukrainian police on Monday, August 7 from his home. What Neverov Did? According to a press release published on Thursday by the Ukrainian cyber police department, Neverov uploaded a video, showing how to infect a computer with Petya.A ransomware—and also shared a download link for NotPetya malware to his social media
Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

Aug 03, 2017
The cyber criminals behind the global WannaCry ransomware attack that caused chaos worldwide have finally cashed out their ransom payments. Nearly three months ago, the WannaCry ransomware shut down hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of computers in more than 150 countries, encrypting files and then charging victims $300-$600 for the keys. WannaCry was really bad, as the nasty ransomware forced the British NHS (National Health Service) to shut down hospitals and doctor's surgeries, and infected a Spanish telecommunications company and Russian mobile operator, among much more. Even a month after the outbreak, the WannaCry ransomware was found infecting systems at Honda Motor Company , forcing the factory to shut down its production, and 55 speed and traffic light cameras in Victoria, Australia. Overall, the hackers behind WannaCry made $140,000 in Bitcoins from the victims who paid for the decryption keys—but for
[Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack

[Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack

Jul 05, 2017
Ukrainian National Police has released a video showing officers raiding company of M.E.Doc accounting software makers, whose systems have been linked to outbreak of Petya (NotPetya) ransomware that recently infected computers of several major companies worldwide. On 4th July, masked police officers from Ukrainian anti-cybercrime unit — carrying shotguns and assault rifles — raided the software development firm " Intellect Service, " in the capital city Kyiv and seized their servers, which were reportedly compromised by hackers to spread (ExPetr, PetrWrap, Petya, NotPetya) ransomware. Researchers from ESET security firm have found a very stealthy malicious code in the M.E.Doc software update which was injected by an unknown hacker or group of hackers in mid-April by exploiting a vulnerability. The malicious software upgrade, designed to install a backdoor and give unauthorized remote access to attackers, was then delivered as an update to nearly 1 million computers belonging
Cybersecurity Resources