Articles about ransomware

'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

The world has never been so dependent on computers, networks and software, so ensuring the security and availability of those systems is critical. Despite this, major security events resulting in loss of data, services, or financial loss are becoming increasingly commonplace. Brian Honan, founder and head of Ireland's first …
John Leyden, 24 Nov 2017

Bootkit ransomware baddy hops down BadRabbit hole in Japan

A new strain of ransomware is apparently being used for targeted attacks in Japan. MBR-ONI, a new bootkit ransomware, relies on a modified version of a legitimate open-source disk encryption utility called DiskCryptor for its encryption routines – the same tool abused by the Bad Rabbit ransomware last week. While ONI and the …
John Leyden, 31 Oct 2017

Mil-spec infosec spinout Cryptonite reveals its network-scrambling tech

Security startup Cryptonite dropped out of stealth late last week with a micro-segmentation-based technology designed to prevent hacker reconnaissance and lateral movement. CryptoniteNXT, the firm's network appliance, sits between an organisation's perimeter firewall and internal networks, blocking malicious …
John Leyden, 30 Oct 2017

UK.gov joins Microsoft in fingering North Korea for WannaCry

The UK government has joined Microsoft in blaming North Korea for the WannaCry ransomware attack. Security minister Ben Wallace appeared on BBC Radio4's flagship Today programme on Friday morning to blame North Korea for the infamous ransomware attack that disrupted the operation of one in three NHS Trusts in England as well …
John Leyden, 27 Oct 2017

Hop on, Average Rabbit: Latest extortionware menace flopped

As the dust settles from Tuesday's Bad Rabbit ransomware outbreak, it's already clear that it is far less severe than the WannaCrypt and NotPetya infections from earlier this year. Bad Rabbit claimed notable victims including the media agency Interfax and was largely contained in Russia and Ukraine, as previously reported. …
John Leyden, 26 Oct 2017

Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs

Updated Computers at Russian media outlets and Ukraine's transport hubs were among Windows PCs infected and shut down today by another fast-spreading strain of ransomware. Corporate systems within Interfax and two other major Russian news publishers had their files encrypted and held to ransom by malware dubbed BadRabbit. In Ukraine, …
John Leyden, 24 Oct 2017

Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta

A below-the-radar security feature in the Windows 10 Fall Creators Update, aka version 1709 released last week, can stop ransomware and other file-scrambling nasties dead. The controlled folder access mechanism within Windows Defender prevents suspicious applications from changing the contents of selected protected folders. …
Shaun Nichols, 23 Oct 2017

New phishing campaign uses 30-year-old Microsoft mess as bait

The ever-vigilant folk at the Internet Storm Centre (SANS) have spotted yet another campaign trying to drop the Locky ransomware using compromised Word files. As Internet Storm Center handler Brad Duncan writes, the vector in the Word documents uses Microsoft Dynamic Data Exchange (DDE), a feature that lets Office application …

Toshiba smacks down 'ransomware killed flash factory' report

Toshiba has denied a report alleging its NAND flash factories were felled by ransomware. Taiwan's Digitimes, which often finds news from deep in the supply chain, on Monday reported that Toshiba halted production for three to six weeks while it sorted out a ransomware mess. Doing so, the report suggested, saw production of 100 …
Simon Sharwood, 17 Oct 2017

Android ransomware DoubleLocker encrypts data and changes PINs

Crooks have come up with a strain of Android ransomware that both encrypts user data and locks victims out of compromised devices by changing PINs. DoubleLocker combines a cunning infection mechanism with two powerful tools for extorting money from its victims. "Its payload can change the device's PIN, preventing the victim …
John Leyden, 13 Oct 2017

Boring Barracuda says sales are going swimmingly – again

It's getting predictable. Barracuda has posted yet another year-on-year revenue rise with yet another small profit. Boring is good, though, right? For the three months to August 31 this year, its second fiscal 2018 quarter, the California-based outfit recorded revenues of $94.3m, up seven per cent from last year's $87.9mn and …
Chris Mellor, 13 Oct 2017

RDX removable disk has ransomware protection begging to be bypassed

The RDX is a neat niche removable disk storage product that can now tell ransomware to get lost. Overland-Tandberg is a Sphere3D business unit that punts RDX QuikStor drives with 1, 2, 3 or 4TB capacities. It has introduced rdxLOCK software with a RansomBlock feature, which turns an RDX into a WORM (Write Once Read Many) drive …
Chris Mellor, 10 Oct 2017

Ouch: Brit council still staggering weeks after ransomware bit its PCs

A ransomware assault late last month is continuing to affect the operations of Copeland Borough Council in the northwest of England. The processing of planning applications is still being affected weeks after a major cyberattack hit the council in rural North West England. The planning application for a housing development of …
John Leyden, 29 Sep 2017

Ransomware keeping cops, NHS and local UK gov bods awake at night

Cybersecurity bods at the Met Police, NHS and the Local Government Association in the UK believe ransomware will be one of the biggest threats facing the British public sector next year. Speaking at the Cyber Security in Healthcare event at the UK Health Show in London, the public sector heads discussed the predicted …
Kat Hall, 28 Sep 2017

Lanarkshire NHS infection named as Bitpaymer variant

The ransomware that infected computers at the UK National Health Service's Lanarkshire outpost, causing an outage that lasted most of last weekend, has been tagged as a ransomware that demanded 53 Bitcoin for files to be decrypted. There's no evidence that the NHS district paid up, which isn't surprising because at current …

WannaCrypt NHS victim Lanarkshire infected by malware again

One of the UK National Health Service boards hit by WannaCrypt earlier this year has again been infected by malware. The Lanarkshire board manages the Hairmyres Hospital, Monklands Hospital, and Wishaw General Hospital in Scotland, and on Friday had to warn patients that it was only handling emergency cases. Lanarkshire was …

Ukrainian man, 51, cuffed on suspicion of distributing NotPetya

A middle-aged Ukrainian has been arrested on suspicion of acting as an agent in distributing the infamous NotPetya ransomware. Sergey Neverov, 51, a video blogger and computer enthusiast from Nikopol, was cuffed by Ukrainian police on August 7 (official statement in Ukrainian here). Neverov is accused of posting a video …
John Leyden, 11 Aug 2017

WannaCrypt victims paid out over $140k in Bitcoin to get files unscrambled

More than $140,000 (£105,000) in Bitcoin has been paid out by victims of the global WannaCrypt ransomware outbreak from May. The money was removed from the online wallets at 4am UTC on Thursday. The Bitcoin activity was noticed by a Twitter bot set up by Quartz journalist Keith Collins. It tweeted: Status of WannaCrypt …
Kat Hall, 3 Aug 2017
