The Hacker News - Cybersecurity News and Analysis: ransomware

As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. The new research, published by Palo Alto Networks and shared with The Hacker News, confirmed that "the threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis." While the security firm didn't name the latest victims, it said a Canadian government healthcare organization and a Canadian medical research university both suffered ransomware attacks, as criminal groups seek to exploit the crisis for financial gain. The attacks were detected between March 24 and March 26 and were initiated as part of the coronavirus-themed phishing campaigns that have become widespr

In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money. Unfortunately, to some extent, it's working, and that's because the attack surface is changing and expanding rapidly as many organizations and business tasks are going digital without much preparation, exposing themselves to more potential threats. Most of the recent cyberattacks are primarily exploiting the fears around the COVID-19 outbreak—fueled by disinformation and fake news—to distribute malware via Google Play apps , malicious links and attachments, and execute ransomware attacks. Here, we took a look at some of the wide range of unseen threats rising in the digital space, powered by coronavirus-themed lures that cybercriminals are using for espionage and commercial gain. The latest development adds to a l

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days. "A cyber threat actor used a spear-phishing link to obtain initial access to the organization's information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks," CISA noted in its alert. As ransomware attacks continue to escalate in frequency and scale , the new development is yet another indication that p

A new variant of Vega ransomware family, dubbed Zeppelin , has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan, breathe a sigh of relief, as the ransomware terminates its operations if found itself on machines located in these regions. It's notable and interesting because all previous variants of the Vega family, also known as VegaLocker, were primarily targeting Russian speaking users, which indicates Zeppelin is not the work of the same hacking group behind the previous attacks. Since Vega ransomware and its previous variants were offered as a service on underground forums, researchers at BlackBerry Cylance believes either Zeppelin "ended up in the hands of different threat actors" or "redeveloped from bought/stolen/leaked sources." According to a report BlackBerry Cyl

Targeted ransomware attacks on banking and finance, government , healthcare , and critical infrastructure are on the rise, with the latest victim being the state government of Louisiana. The state government of Louisiana was hit by a large-scale coordinated ransomware attack yesterday, which forced the state to take several state agency servers offline, including government websites, email systems, and other internal applications, to mitigate the risk of the malware's infection from spreading. The Monday's ransomware attack resulted in the subsequent shutdown of a majority of large state agencies, including the Office of the Governor, the Office of Motor Vehicles, the Department of Health, the Department of Children and Family Services, and the Department of Transportation and Development, among others. Louisiana Gov. John Bel Edwards revealed the incident in a series of tweets, saying that he had activated the state's cybersecurity team in response to the cyber