Articles about ransomware


The strange case of the data breach that stayed online for a month

A couple of weeks ago Jeff* quit his job at the Singaporean branch of a major enterprise technology vendor that is, if not quite a household name, certainly known to most IT professionals. Not long afterwards he Googled his old work employee ID number and was unpleasantly surprised to see the first result was a link to a …

Cryakl ransomware antidote released after servers seized

Free decryption keys for the Cryakl ransomware were released last Friday – the fruit of an ongoing cybercrime investigation. The keys were obtained during an ongoing investigation by Belgian cops, and shared with the No More Ransom project, an industry-led effort to combat the growing scourge of file-encrypting malware. The …
John Leyden, 12 Feb 2018

On the NHS tech team? Weep at ugly WannaCry post-mortem, smile as Health dept outlines plan

The WannaCry outbreak has forced the UK's national health service to overhaul its crisis planning to put new measures in place to avoid further crippling cyber attacks. A UK Department of Health and Social Care postmortem on the May 2017 WannaCry outbreak, published on Thursday, repeats the findings of previous UK government …
John Leyden, 2 Feb 2018

Good news, everyone: Ransomware declining. Bad news: Miscreants are turning to crypto-mining on infected PCs

For the past few years, ransomware has been a bane of computer users. These software nasties infect PCs, scramble files, and demand payment in cryptocurrency to restore the documents. Those cryptocurrencies are a right faff to get hold of and transfer to miscreants at short notice. And there's no guarantee crooks will hand …
Iain Thomson, 1 Feb 2018

Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery

Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets. Ransomware scammers have long directed victims to payment portals on the Tor network. For those who do not want to or cannot install the Tor browser necessary to pay their ransoms, operators generally direct victims to a Tor proxy …
John Leyden, 30 Jan 2018

Acronis: Ransomware protection! Get yer free ransomware protection!

Acronis has released a free, standalone version of its Acronis Ransomware Protection with AI-based Active Protection tech. It can be used alongside existing backup and antivirus products on Windows systems. The lightweight (20MB) software runs in the background and is said to monitor system processes in real-time to …
Chris Mellor, 26 Jan 2018

Hospital injects $60,000 into crims' coffers to cure malware infection

A US hospital paid extortionists roughly $60,000 to end a ransomware outbreak that forced staff to use pencil-and-paper records. The crooks had infected the network of Hancock Health, in Indiana, with the Samsam software nasty, which scrambled files and demanded payment to recover the documents. The criminals broke in around 9 …
Iain Thomson, 16 Jan 2018

Euro ransomware probe: Five Romanians cuffed

Five people suspected of infecting Windows PCs with ransomware – and extorting money from more than 170 victims in Europe and the US – have been arrested. In the past week, an international crimefighting task force led by Europol collared the quintet in Romania – and searched six homes, seizing a load of computer parts and …
Richard Priday, 21 Dec 2017

UK, US govt and pals on WannaCry culprit: It woz the Norks wot done it

UK Foreign Office Minister Lord Ahmad of Wimbledon today claimed North Korea was behind the WannaCry ransomware incident. He joins the US government, Canada, Australia, New Zealand, Japan, Microsoft, Google, Kaspersky, Symantec, FireEye, and others, in blaming Kim Jong-un's hackers for unleashing WannaCry on the world. Uncle …
Kat Hall, 19 Dec 2017

Protecting your data from ransomware

Supported: Well, there’s a surprise. The National Audit Office’s report into the WannaCry ransomware and its effect on the NHS came out in late October. It points the blame at – wait for it – the NHS. Despite warnings, trusts had not prepared themselves with the basic patches necessary to avoid what ended up being an unsophisticated attack …
Robin Birtstone, 30 Nov 2017

'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

The world has never been so dependent on computers, networks and software so ensuring the security and availability of those systems is critical. Despite this, major security events resulting in loss of data, services, or financial loss are becoming increasingly commonplace. Brian Honan, founder and head of Ireland's first …
John Leyden, 24 Nov 2017

Bootkit ransomware baddy hops down BadRabbit hole in Japan

A new strain of ransomware is apparently being used for targeted attacks in Japan. MBR-ONI, a new bootkit ransomware, relies on a modified version of a legitimate open-source disk encryption utility called DiskCryptor for its encryption routines – the same tool abused by the Bad Rabbit ransomware last week. While ONI and the …
John Leyden, 31 Oct 2017

Mil-spec infosec spinout Cryptonite reveals its network-scrambling tech

Security startup Cryptonite dropped out of stealth late last week with a micro-segmentation-based technology designed to prevent hacker reconnaissance and lateral movement. CryptoniteNXT, the firm's network appliance, sits between an organisation's perimeter firewall and internal networks, blocking malicious …
John Leyden, 30 Oct 2017

Merck's $310m NotPetya bill, stolen RDP logins selling for $10 a pop, bug patches, and more

Roundup: While the security world has been in full Holy Grail mode with BadRabbit, plenty of other stuff has been going on this week. Here's a roundup of everything else you need to know on top of what we've already reported. On the vulnerability front, it was something of a quiet week. Google updated Chrome with a new build (62.0.3202 …
Iain Thomson, 28 Oct 2017

UK.gov joins Microsoft in fingering North Korea for WannaCry

The UK government has joined Microsoft in blaming North Korea for the WannaCry ransomware attack. Security minister Ben Wallace appeared on BBC Radio4's flagship Today programme on Friday morning to blame North Korea for the infamous ransomware attack that disrupted the operation of one in three NHS Trusts in England as well …
John Leyden, 27 Oct 2017

Hop on, Average Rabbit: Latest extortionware menace flopped

As the dust settles from Tuesday's Bad Rabbit ransomware outbreak, it's already clear that it is far less severe than the WannaCrypt and NotPetya infections from earlier this year. Bad Rabbit claimed notable victims including the media agency Interfax and was largely contained in Russia and Ukraine, as previously reported. …
John Leyden, 26 Oct 2017

Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs

Updated: Computers at Russian media outlets and Ukraine's transport hubs were among Windows PCs infected and shut down today by another fast-spreading strain of ransomware. Corporate systems within Interfax and two other major Russian news publishers had their files encrypted and held to ransom by malware dubbed BadRabbit. In Ukraine, …
John Leyden, 24 Oct 2017

Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta

A below-the-radar security feature in the Windows 10 Fall Creators Update, aka version 1709 released last week, can stop ransomware and other file-scrambling nasties dead. The controlled folder access mechanism within Windows Defender prevents suspicious applications from changing the contents of selected protected folders. …
Shaun Nichols, 23 Oct 2017


Biting the hand that feeds IT © 1998–2018