Malware news-Page 5
Successful Ransomware Attacks Decline in 2020
The number of successful ransomware attacks on the U.S. public sector decreased between January and April 2020 amid the COVID-19 crisis. However, researchers have recently noticed that trend reversing, with incidents now starting to increase. According to the study by the malware lab, Emsisoft, the figures show a decline in comparison to the 966 targeted establishments that were successfully attacked at the cost of $7.5 billion.
Strong decline in the figures compared with 2019 stats
However, during the Q1 and Q2 2019, just 128 federal and state entities, healthcare providers, and educational districts were attacked by ransomware gangs. …
Technology / July 9, 2020
Anonymous Crypto Hacker’s Identity Revealed by US Authorities
The U.S. Department of Justice, or DoJ, indicted Andrey Turchin, known under the pseudonym "fxmsp," with various federal crimes. Turchin allegedly founded a cybercrime group that targeted the computer networks of several companies. After stealing each company’s data, Turchin’s group allegedly sold the data on the dark web. Turchin, a 37-year-old Kazakhstan national, is affectionately known on the dark web as "the invisible god of networks." He allegedly sold access to thousands of networks breached with his malware attacks, amassing a million-dollar crypto fortune over the course of three years. The Western District of Washington is now …
Technology / July 8, 2020
Why Does Binance’s Android App Need to Use Your Microphone?
Twitter users have raised concerns about the possibility of Binance’s Android app containing spyware. This speculation comes after recent revelations suggest that the social video platform, TikTok, contains spyware created by the Chinese government. According to the Twitter user @ShitcoinSherpa, who posted a certificate issuer’s screenshot, the permissions asked by Binance in its Android app include access to the camera and the ability to record audio. Notably, the app does not appear to have any public features that use these functions: The delicious irony of shitting on TikTok for being Chinese spyware, but still using the Binance app 🙄 pic.twitter.com/rn9RGW2z88 …
Technology / July 8, 2020
Hacker Group Amassed $7M in Crypto by Selling Stolen Credit Cards
A hacker gang known as “Keeper” established an interconnected network to steal credit card data from over 570 e-commerce sites. Since 2017, they have profited around $7 million in crypto by selling card information through the dark web. According to a July 7 study by threat intelligence firm, Gemini Advisory, the hacker group managed to create 64 attacker domains and 73 exfiltration domains. These domains were used to retrieve user credit card data from numerous e-commerce sites located across 55 countries. The malicious domains hosted an identical login panel from each e-commerce website. They inserted a malware payload to get …
Regulation / July 7, 2020
The US Secret Service Issues Ransomware Warning
The U.S. Secret Service issued a warning about an increase in hacks targeting managed service providers, or MSPs, of both the U.S. private sector and various government entities. According to a document published by ZDNet on June 7, threat actors have been widely relying on ransomware attacks, point-of-sale intrusions, and business email compromise scams to breach the internal networks of MSP customers.
Remote management software under threat
MSPs are service providers related to remote management software for enterprises, including file-sharing systems for internal networks, which could also be hosted inside a cloud infrastructure. U.S. Secret Service officials issued a warning, …
Regulation / July 7, 2020
The Most Malicious Ransomwares Demanding Crypto to Watch Out For
As interconnectivity turns the world into a global village, cyberattacks are expectedly on the rise. According to reports, the tail end of last year saw a spike in the average amount of payments made to ransomware attackers, as several organizations were forced to pay millions of dollars to have their files released by malware attackers. Apart from the fact that the current pandemic has left many individuals and corporations vulnerable to attacks, the notion that cryptocurrencies are an anonymous and untraceable payment method has led many ransomware attackers to demand payment in Bitcoin (BTC) and other altcoins. Just recently, a …
Bitcoin / July 4, 2020
Ransomware Targets Outdated Microsoft Excel Macros to Deploy Attacks
Microsoft Security Intelligence alerted users to a type of ransomware, called Avaddon, that uses Excel 4.0 macros to distribute malicious emails. These emails contain attachments which deploy an attack when opened in any version of Excel. Avaddon ransomware emerged in early June through a massive spam campaign that randomly targeted its victims. Some patterns seem to indicate that the ransomware mostly targets Italian users.
Impersonating Italian officials
As BleepingComputer reports, the attackers behind the ransomware are recruiting “affiliates” to spread the payload. According to their analysis, Avaddon’s average ransom amount is around $900, paid in crypto. The attack commonly impersonates …
Technology / July 3, 2020
Unknown Cybercrime Gang Holds Thousands of Databases For Ransom
Cross-platform database company, MongoDB, is the latest victim of a cybercriminal attack. This attack has infiltrated 22,900 unsecured databases by wiping their contents. The gang behind the attack has since requested Bitcoin (BTC) payments in exchange for a backup of the data. According to WeLiveSecurity from the cybersecurity firm ESET, if the ransom isn't paid in two days, the hacker, or a gang of cybercriminals, threatened to notify authorities in charge of enforcing the European Union's General Data Protection Regulation, or GDPR. A report published by ZDNet explains that the number of databases compromised in the “Wiping & Ransom” attack account …
Technology / July 2, 2020
California University Pays Million-Dollar Crypto Ransom
The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in cryptocurrencies to the hackers behind a ransomware attack on June 1. According to CBS San Francisco, the UCSF IT staff first detected the security incident, stating that the attack launched by NetWalker group affected “a limited number of servers in the School of Medicine.” Although the areas were isolated by experts from the internal network, the hackers left the servers inaccessible and managed to deploy the ransomware successfully. A statement published by the University of California said: “The data that was encrypted is …
Technology / June 30, 2020
Massive Cyberattack on Australia Uses Cryptojacking Exploits
The Australian Cyber Security Centre said a group of “state actors” hacked Australian networks on June 19 and one of the vulnerabilities they exploited is related to cryptojacking malware attacks. According to the 48-page report released on June 24, the threat actors exploited four critical vulnerabilities in Telerik UI, including CVE-2019-18935, which was recently leveraged by the Blue Mockingbird malware gang to infect thousands of systems with XMRig, a Monero (XMR) mining software.
Vulnerability mostly used for cryptojacking purposes
Although the advisory didn’t say if hackers could have installed cryptojacking malware during the recent massive cyberattack, such vulnerability is the …
Technology / June 28, 2020
LG and Mitsubishi Hit by Ransomware Attacks, Data Leak ‘Coming Soon’
Two ransomware gangs reportedly attacked the electronics giant, LG, and Japanese multinational car manufacturer, Mitsubishi. The hackers are now threatening both companies with data leaks. Screenshots posted to the gang’s blog show several files, as well as source code from the attack.
No official statement from LG yet
As of press time, the electronics giant has not addressed the incident officially. A statement from the ransomware gang alleges that the hackers managed to steal over 40GB of source code from the manufacturer. However, Brett Callow, threat analyst and ransomware expert at malware lab Emsisoft, stated that the alleged proofs don’t …
Technology / June 26, 2020
Cybercriminals Use the Blockchain to Relay Secret Messages
A group of researchers from SophosLabs state that hackers operating the cryptojacking malware, Glupteba, have been using the Bitcoin blockchain network to communicate in secret. According to the report published on June 24, cybercriminals rely on a command and control center where they send encrypted secret messages that require a 256-bit AES decryption key.
Encrypted messages used to update malware
The purpose of the communication channel is for hackers to receive updated configuration information for the malware. This data is used by attackers to obtain precise instructions and thus update the malicious software. Glupteba is what’s known as a zombie …
Technology / June 25, 2020