DarkSide is the group behind the ransomware attack affecting Colonial Pipeline, and recently said it lost control of its web servers.
ransomware
REvil Ransomware Crew Extorts Apple With Device Schematics
Timed with Apple’s spring event on Tuesday, the group behind REvil ransomware claims to have secret device schematics hacked from Quanta Computer.
Security Friday and Big Sur Updates – TMO Daily Observations 2020-11-13
Today Andrew Orr joins host Kelly Guimont to discuss Security Friday news and updates, and some Big Sur upgrade tips.
Compal Electronics Suffers DoppelPaymer Ransomware Attack
Computer manufacturer Compal Electronics has been hit by a DoppelPaymer ransomware attack, and the ransom is US$16.7 million.
DoppelPaymer is a ransomware operation known for attacking enterprise targets by gaining access to admin credentials and using them to spread throughout a Windows network. Once they gain access to a Windows domain controller, they deploy the ransomware payloads to all devices on the network.
According to the DoppelPaymer Tor payment site linked to in the ransom note, the ransomware gang is demanding 1,100 Bitcoins, or $16,725,500.00 at today’s prices, to receive a decryptor.
Security Friday, Now With Gift Picks – TMO Daily Observations 2020-11-06
Andrew Orr joins host Kelly Guimont for Security Friday news, some ballot measures that passed, and even a security-minded gift option.
Mattel Revealed it Suffered a Data Breach on June 28
Toy company Mattel suffered a ransomware attack on June 28, 2020. It revealed this in a 10-Q form filed with the Securities and Exchange Commission (SEC).
On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations.
FBI Warns of Ransomware Threat to US Healthcare System
The FBI, CISA, and HHS are issuing a joint alert to warn of the threat of ransomware attacks currently affecting U.S. healthcare systems.
New Ransomware ‘OSX.EvilQuest’ Found in Pirated Mac Software
A new piece of macOS ransomware called OSX.EvilQuest has been spotted in the wild, bundled with multiple pieces of pirated Mac software.
Security Friday: Ransomware, DNS Options – TMO Daily Observations 2020-06-12
Andrew Orr joins host Kelly Guimont to discuss Security Friday news including a new ransomware attack and some alternative DNS options.
Ransomware Hackers Now Want Your Nudes
Security researchers discover a new form of blackmail from ransomware hackers: They demand nudes instead of money.
While most ransomware strains require monetary compensation in return for a decryptor, Ransomwared is demanding a more unusual payment. Once a computer is infected, a pop up will appear and demand that the victim send the author pictures of “tits” in exchange for an “unlock code.”
Maybe this speaks to my cynicism or just the fact that the world is filled with bad people. But I’m honestly surprised I haven’t heard of this type of ransomware extortion sooner. You could just send random porn, they wouldn’t be able to know if they’re actually your nudes. But they might ask you to hold up a sign with the current date as proof that it’s you. However, what if you just searched online for a nude with a sign, then photoshopped the current date on it? Okay, I need to stop. This is why Charlotte worries about me.
Travelex Infected With Sodinokibi Ransomware, Attacker Wants $3M
A cyber attack infected international foreign currency exchange Travelex with Sodinokibi ransomware. The attackers are demanding US$3 million.
The attack occurred on December 31 and affected some Travelex services. This prompted the company to take offline all its computer systems, a precaution meant “to protect data and prevent the spread of the virus.”
We were told that they deleted the backup files and that the ransom demanded was $3 million; if not paid in seven days (countdown likely started on December 31), the attackers said they will publish the data they stole.
You Shouldn't Restart Your Computer if You Have a Virus
Security experts say that if your computer has been infected with malware you shouldn’t restart it, especially if you suspect ransomware.
News+: Don't Give Money to Ransomware Scammers
In the latest issue of PCMag, Max Eddy writes that you shouldn’t give money to ransomware attackers when they ask.
First, most cyberattacks—including ransomware—don’t last long. The command and control servers that issue the unlock commands and receive payment can be found and taken offline… In either case, anyone who has been infected and not paid the ransom can no longer get their system unlocked, even if they pay.
This is why keeping several backups is important, one online, one offline. And keep your operating system up to date with the latest security patches and improvements.
This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.
New Mac Ransomware Leaves Your Files Permanently Encrypted
Mac users hoping to score Adobe Premiere Pro CC and Microsoft Office for free through BitTorrent sites are in for an ugly surprise thanks to a new ransomware making the rounds. The ransomware, called OSX/Filecoder.E, encrypts the contents of victims’ hard drives and demands payment in Bitcoin, but there isn’t any way to actually decrypt and recover files.