Recent reports revealed that a group of hackers behind the Kingminer botnet targeted vulnerable Microsoft SQL server databases to mine cryptocurrencies at some point in the second week of June. According to the cybersecurity firm Sophos, the attackers used the botnet, active since 2018, to exploit the BlueKeep and EternalBlue vulnerabilities, and also gained access through a trojan known as Gh0st, which relies on remote access malware. Once the SQL server database is infected, the botnet installs a well-known crypto miner called XMRig, which mines Monero (XMR). There are no details as of press time regarding how many systems …
Content-monetization specialist, Coil, announced on June 10 that it had made a strategic investment into independent technology publishing platform, Hacker Noon. This also marked the start of a three-year partnership between the companies, focusing on Web Monetization for Hacker Noon’s contributing writers. A match made in heaven Hacker Noon is a tech-focused news website boasting 4 million monthly readers and featuring content created by over 10,000 contributors. Coil is a platform allowing subscribers to stream micropayments to creators based on the time spent consuming their content. It uses a proposed open web standard called Web Monetization to do this. Putting …
Recent ransomware attacks from well-known cybercriminal groups have been suggesting that gangs are forging cartel-style alliances to pressure their respective victims to pay the ransom requests. Cointelegraph has obtained access to what seems to be a darknet site that belongs to the Maze group. On the site, Maze has been leaking stolen data beginning sometime after Sunday. The central feature to highlight is that the gang notes that Ragnar Locker, another ransomware group, provided the info, as the title of the blog post says: “MAZE CARTEL Provided by Ragnar.” Some of the victims listed are United States-based companies. Speaking with …
Recently, some of the 120,000 Bitcoin (BTC) that was stolen from Bitfinex in 2016 started moving again. Here is what has been happening with this stash of coins valued at over $1 billion. 2016 Bitfinex hack summary. Source: Crystal. $1 billion in BTC waiting to be dumped Thus far, the hackers have moved less than 3,000 BTC out of almost 120,000 BTC that they managed to steal from the exchange. The highest proportion of coins that have been spent went to darknet marketplaces, with the Russian giant Hydra leading the pack with 736 BTC. This is worrisome, as it would …
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter of 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
ST Engineering Aerospace’s US subsidiary suffered a ransomware attack that managed to extract about 1.5TB of sensitive data from the firm and its partners. According to an article published by The Straits Times on June 6, the Singapore-based company was allegedly attacked by the well-known ransomware gang Maze in March, citing an analysis by cybersecurity firm, Cyfirma. The report details that the data stolen by the criminals is related to contract details with various governments, organizations, and airlines across the globe. No additional details were provided on its content. Undetectable for common antivirus software Cointelegraph had access to an internal …
As free ransomware decryptor tools begin to enter the market, a wave of fake software that claims to decrypt ransomware-affected files has begun to proliferate. According to a report released by Bleeping Computer on June 5, the creators behind Zorab ransomware released a fake STOP Djvu decryptor. Instead of recovering a victim’s data however, this software appears to encrypt their files further with a second ransomware. When the victim opens one of these tools, the software extracts an executable file called crab.exe. This is the Zorab ransomware itself. Once executed, the tool will encrypt all files present with a .ZRB …
Malware lab, Emsisoft, released a free decryptor tool on June 4. The tool enables victims to recover files encrypted by Tycoon ransomware attacks without needing to pay the ransom. Researchers from BlackBerry’s security unit first discovered the ransomware. They stated in TechCrunch that Tycoon uses a Java file format to make it more difficult to detect before deploying its payload that encrypts the files. How does Tycoon work Speaking with Cointelegraph, Brett Callow, threat analyst of Emsisoft, said: “Tycoon is a Java-based, human-operated ransomware that appears to specifically target smaller enterprises and is typically deployed via an attack on …
On June 3, Spain-based telecommunications conglomerate, Telefónica, released a free tool to recover data encrypted by the VCryptor ransomware. The tool, VCrypt Decryptor, was created as part of an international initiative titled “No More Ransomware”. This alliance was established by McAfee, Europol, Politie, and Kaspersky. It is one of several tools that aim to decrypt almost 134 types of ransomware. VCrypt’s attack method According to ElevenPaths, Telefonica’s specialized cybersecurity unit, VCryptor creates a password-protected .zip file in which it stores all encrypted data. It then generates new files with the extension “.vcrypt,” to replace the original files. The ransomware then …
Blockchain firm Elrond has invited hackers to attack its network during its upcoming incentivized stress test. According to an announcement on Tuesday, the upcoming Elrond incentivized stress test will include a variety of different attacks on the network. Elrond's CEO, Beniamin Mincu, explained to Cointelegraph: "Anything that takes the network down is allowed, as long as it's not breaking the law or social privacy of participants. So DDoS-ing, hijacking rewards, stealing coins, double spending, minting new coins & other similar situations - we will reward every successful attempt to do any of those things." A blockchain transformed into a cyber …
Reports emerged on May 31 about a hacker who stole and leaked the database of Daniel’s Hosting (DH), the largest free web hosting provider on the darknet and the home of several crypto-related forums and stores. The hacker, under the pseudonym “KingNull,” also claims to be part of the Anonymous collective and reportedly got the information after the second hack suffered by DH on March 10, which resulted in 7,600 dark websites being taken down. This forced the hosting provider to shut down its service and urge users to migrate their sites to new ones on the dark web. …
Malware team, NetWalker, launched a ransomware attack against the Austrian village of Weiz. This attack affected the public service system and leaked some of the stolen data from building applications and inspections. According to the cybersecurity firm, Panda Security, hackers managed to penetrate the village's public network through phishing emails related to the COVID-19 crisis. COVID-19 as bait to deploy the ransomware The subject of the emails — "information about the coronavirus," — was used to bait employees of Weiz's public infrastructure into clicking on malicious links, thus triggering the ransomware. Panda Security claims that the attack belongs to a …