Articles about Ransomware

In recent months we've seen high profile ransomware attacks target many businesses, and we've seen cyber criminals making greater efforts to target their victims.

A new study from endpoint protection company SentinelOne and De Montfort University has been looking at how social engineering tactics are used by cyber criminals to manipulate and elicit payments from victims.

Continue reading →

The ransomware attacks that make the news are the ones like WannaCry and NotPetya that spread rapidly and affect many businesses.

But there's a new breed of manual ransomware attack happening that seeks to pick its victims much more selectively with a view to causing maximum disruption. We spoke to Roy Fisher, incident investigator at cyber security company MWR to find out more.

Continue reading →

On June 27, reports of a rapidly spreading ransomware attack started to emerge from Ukraine. The speed at which critical infrastructure networks were shutting down pointed to a ransomware application with a wormable component, whose virality called to mind the WannaCry ransomware. In less than three hours, the infection crippled banks, ATMs, public transport and an airport, as well as utilities provider Kyivenergo. Then it spread outside the Ukraine.

As multiple critical infrastructure networks reported major blackouts, Bitdefender started an internal investigation over isolated malware samples to trace the attack’s origin and better understand what it targeted, and how.

Continue reading →

Recent high profile ransomware attacks including WannaCry and NotPetya have highlighted the fact that often the time organizations take to recover is just as damaging as the attack itself.

Network visibility firm Portnox is aiming to tackle this with the launch of Rapid Ransomware Response and Control as part of its suite of network access control (NAC) systems.

Continue reading →

The Petya ransomware -- and several variants -- wreaked havoc with data around the world, but now the author of the original malware has released the master decryption key.

Janus Cybercrime Solutions has provided a key that work with all "official" variants of Petya (meaning NotPetya is not included). The key was released to -- of all places -- Mega, and its authenticity has been verified. While Petya has already been cracked, the key offers the fastest and most reliable decryption method yet.

Continue reading →

Police in the Ukraine have seized the servers of Intellect Service, a company supplying accounting software, as part of their investigation into the NotPetya ransomware attack.

A malicious update to Intellect's MeDoc accounting package is believed to have been responsible for some of the initial NotPetya infections.

Continue reading →

Ransomware is barely out of the news these days. We had WannaCry wreaking havoc not so long ago, and now it’s the turn of Petya/NotPetya. And those are just two of the better-known threats; there are plenty more forms of ransomware out there which, while maybe not as prevalent, can have just as devastating an effect.

If you’re concerned about the threat of ransomware, which is easily one of the nastiest forms of malware out there, we have a selection of ebooks and whitepapers you can download for free which will give you all the knowledge you need to avoid becoming a victim, and which can help you recover from an infection.

Continue reading →

With ransomware hitting the headlines at the moment thanks to the Petya/NotPetya attack, a timely new report from cloud data protection specialist Druva reveals it's becoming a ubiquitous global threat affecting enterprises large and small and devices of all types.

The survey of more than 800 companies shows that over 80 percent of respondents report ransomware attacks are on the rise and that half of businesses hit by ransomware have been attacked multiple times.

Continue reading →

The ransomware attack we reported yesterday may have begun in the Ukraine, but it spread rapidly across Europe and has now hit companies in Australia and the US including pharmacy giant Merck.

A variant of the Petya ransomware now being dubbed 'NotPetya', it spreads initially by phishing emails and once on a system the ransomware demands $300 in bitcoin. When it's installed on one system behind a firewall it's able to spread rapidly to others on the same network.

Continue reading →

Companies, government departments and airports in the Ukraine have been hit by ransomware this afternoon and the attack now appears to be spreading across Europe.

In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, Kiev airport and the metro network have all been hit. In the UK, the advertising company WPP says its systems have also been taken down, and Danish transport company Maersk reports sites and business units shut down by the attack.

Continue reading →

The cost of a ransomware attack can be pretty substantial. Businesses that are not well prepared are looking at lost revenue from downtime and massive damage to their reputation, not to mention a pretty hefty ransom bill as well.

For web hosting company Nayana, that was $1 million. Nayana, which is based in South Korea, had 153 of its Linux-based servers infected by the Erebus ransomware on June 10. The attack affected roughly 3,400 customers that relied on its services for hosting websites, databases and multimedia content.

Continue reading →

Nearly a month after it struck devices around the globe, new information has emerged surrounding the major WannaCry ransomware attack.

The BBC says British officials from the National Cyber Security Center (NCSC) are now claiming infamous North Korean cyber-criminal group Lazarus was behind the attack.

Continue reading →

From the fall, Microsoft is disabling SMBv1 in Windows 10. With the release of Windows 10 Fall Creators Update (or Redstone 3 if you prefer), the protocol that was exploited by the WannaCry ransomware will be no more.

The file sharing protocol was developed by Microsoft over two decades ago, and the company recognizes that the time has come for it to be retired. Internal builds of Windows 10 being tested by Microsoft already have SMBv1 disabled, and similar builds will make their way to Windows Insiders and the wider public in due course.

Continue reading →

Following the WannaCry attack last month, ransomware was one of the big topics at the recent Infosecurity Europe event in London.

The worldwide assault woke many businesses and organizations up to the real danger that ransomware poses, but new research has also discovered that the criminals behind such attacks could be gearing up for even bigger attacks soon.

Continue reading →

Recent weeks have seen a rise in fake WannaCry protectors on mobile app stores, even though this particular infection doesn't target mobile devices.

But using the fear of high profile infections to get users to download potentially unwanted programs or malware is nothing new according to threat management company RiskIQ. Using its mobile database, hundreds of examples of apps that claim to help defend mobile phones were found, instead, to be preying on unsuspecting users by pushing adware, trojans, and other malware.

Continue reading →