A week in security (August 17 – 23)
Last week on Malwarebytes Labs, we looked at the impact of COVID-19 on healthcare cybersecurity, dug into some pandemic stats in terms of how workforces coped with going remote, and served up a crash course on malware detection. Our most recent Lock and Code podcast explored the safety of parenta...
Ransom Demands Return: New DDoS Extortion Threats From Old Actors Targeting Finance and Retail
Update 08/24/2020 As mentioned below, the Akamai SIRT has been tracking attacks from the so-called Armada Collective and Fancy Bear actors, who are sending ransom letters to various industry verticals such as finance, travel, and e-commerce. In addition to the...
NetWalker Ransomware Rakes in $29M Since March
The NetWalker ransomware has been around for about a year, but it has really made a name for itself in 2020, racking up around $29 million in extortion gains just since March. First detected in August 2019, NetWalker lingered around before surging in use in March through June, according to an...
Google Updates Ad Policies to Counter Influence Campaigns, Extortion
Google is making two changes in its advertising policy as the U.S. moves into the fall election season ahead of the presidential contest in November, in an attempt to thwart disinformation campaigns. For one, Google is updating its Google Ads Misrepresentation Policy to prevent coordinated activi...
Take a "NetWalk" on the Wild Side
ATR Operational Intelligence Team · AUG 03, 2020 · Executive Summary: The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of...
21-Year-Old Cypriot Hacker Extradited to U.S. Over Fraud and Extortion Charges
The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah. Both suspects—Joshua Polloso...
Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network
In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders. Dubbed...
Ransomware Gangs Don’t Need PR Help
We've seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into...
Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity
In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly...
U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked
A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information. The company, Westech International, has a range of contracts with the...
Ransomware Gang Arrested for Spreading Locky to Hospitals
A cybercriminal gang have been arrested for spreading the Locky ransomware among hospitals, among other crimes. In an operation spearheaded by Romania’s law enforcement department, four people have been taken into custody after their houses were raided – three in Romania and one in neighboring...
News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries
Threatpost editors discuss the top news stories of the week ended May 15, including: Recent ransomware attacks, including ones targeting healthcare giant Magellan, the IT office that supports Texas appellate courts and judicial agencies, and a popular law firm that works with several A-list...
REvil Ransomware Attack Hits A-List Celeb Law Firm
A popular law firm that works with several A-list celebrities, including Lady Gaga, Drake and Madonna, has been hit by a ransomware attack. Hackers are now threatening to release the 756 gigabytes of data allegedly stolen – including non-disclosure agreements, client contracts and personal...
Hackers Leak Biopharmaceutical Firm's Data Stolen in Ransomware Attack
The Clop ransomware group attacked biopharmaceutical company ExecuPharm and reportedly leaked some of the company’s compromised data on underground forums. ExecuPharm, a Pennsylvania-based subsidiary of the U.S. biopharmaceutical giant Parexel, provides clinical trial management tools for...
Public Sector Ransomware Attacks Rage On: Can Your Organization Repel Them?
To pay or not to pay? That is the question many public-sector organizations must grapple with when faced with a complex ransomware attack – even while the COVID-19 pandemic rages on around them. Ransomware attacks on municipal, local, and state government agencies are on the rise. Places as...
LA County Hit with DoppelPaymer Ransomware Attack
The DoppelPaymer ransomware operators claim that they’ve hit a Los Angeles county with a ransomware attack – and are now leaking the city’s data online, according to a recent report. Impacted is the city of Torrance, a coastal U.S. city in the South Bay region of LA, which has a population of...
IC3 Releases Alert on Extortion Email Scams
The Internet Crime Complaint Center (IC3) has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. The Cybersecurity and Infrastructure Security Agency (CISA)...
'Double Extortion' Ransomware Attacks Spike
Victims of ransomware attacks now face a double whammy of headaches. Cybercriminals are increasingly inflicting more pain on ransomware victims by threatening to leak compromised data or use it in future spam attacks, if ransom demands aren’t met. The ransomware tactic, called “double extortion,”...