There’s a new ransomware for the Mac called ThiefQuest or EvilQuest. It’s hard to get infected:
For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It’s a good reminder to get your software from trustworthy sources, like developers whose code is “signed” by Apple to prove its legitimacy, or from Apple’s App Store itself. But if you’re someone who already torrents programs and is used to ignoring Apple’s flags, ThiefQuest illustrates the risks of that approach.
But it’s nasty:
In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or “second stage,” attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.
Powered by WPeMatico
infossl
July 6, 2020
apple, malware, ransomware, Security technology
Read more >
EKANS is a new ransomware that targets industrial control systems:
But EKANS also uses another trick to ratchet up the pain: It’s designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with. While crude compared to other malware purpose-built for industrial sabotage, that targeting can nonetheless break the software used to monitor infrastructure, like an oil firm’s pipelines or a factory’s robots. That could have potentially dangerous consequences, like preventing staff from remotely monitoring or controlling the equipment’s operation.
EKANS is actually the second ransomware to hit industrial control systems. According to Dragos, another ransomware strain known as Megacortex that first appeared last spring included all of the same industrial control system process-killing features, and may in fact be a predecessor to EKANS developed by the same hackers. But because Megacortex also terminated hundreds of other processes, its industrial-control-system targeted features went largely overlooked.
Speculation is that this is criminal in origin, and not the work of a government.
It’s also the first malware that is named after a Pokémon character.
Powered by WPeMatico
infossl
February 7, 2020
malware, ransomware, sabotage, scada, Security technology
Read more >
The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because — as generally happens — they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC’s video surveillance cameras a week before the 2017 inauguration.
Powered by WPeMatico
infossl
November 12, 2019
attribution, hacking, operationalsecurity, ransomware, Security technology
Read more >
ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.
Powered by WPeMatico
infossl
July 8, 2019
fraud, hacking, ransomware, Security technology
Read more >
Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida City of Riveria Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative.
Powered by WPeMatico
infossl
June 25, 2019
hacking, malware, ransomware, Security technology
Read more >
This will complicate things:
To complicate matters, having cyber insurance might not cover everyone’s losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the “hostile or warlike action in time of peace or war” exemption.
I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing.
Powered by WPeMatico
infossl
March 8, 2019
cybersecurity, hacking, insurance, malware, ransomware, russia, Security technology, war
Read more >
This is a good article on the complicated story of hacker Marcus Hutchins.
Powered by WPeMatico
infossl
March 16, 2018
bitcoin, cybersecurity, fraud, hacking, killswitch, privacy, ransomware, Security technology
Read more >
No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It’s not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee.
Powered by WPeMatico
infossl
January 15, 2018
encryption, keys, ransomware, Security technology
Read more >
I don’t have anything to say — mostly because I’m otherwise busy — about the malware known as GoldenEye, NotPetya, or ExPetr. But I wanted a post to park links.
Please add any good relevant links in the comments.
Powered by WPeMatico
infossl
July 4, 2017
malware, ransomware, Security technology
Read more >
There’s evidence:
Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called “the Lazarus Group,” a name used by private-sector researchers.
One of the agencies reported that a prototype of WannaCry ransomware was found this spring in a non-Western bank. That data point was a “building block” for the North Korea assessment, the individual said.
Honestly, I don’t know what to think. I am skeptical, but I am willing to be convinced. (Here’s the grugq, also trying to figure it out.) What I would like to see is the NSA evidence in more detail than they’re probably comfortable releasing.
More commentary. Slashdot thread.
Powered by WPeMatico
infossl
June 16, 2017
hacking, northkorea, nsa, ransomware, Security technology
Read more >
