There are still plenty of details outstanding about how they might have pulled it off, but court documents show how a trail of bitcoin and IP addresses led investigators to the alleged hackers .A Garmin ransomware hack disrupted more than just workouts during a days-long outage; security researchers see it as part of a troubling trend of "big game hunting" among ransomware groups .
In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in.
We'll get to the rest of this week's security news in just a second, but before all that you need to carve out a little chunk of your day to read WIRED senior writer Andy Greenberg's profile of Marcus Hutchins , the hacker who stopped the berserking WannaCry ransomware three years ago.
A recent infection by a fairly new strain called LockBit explains why: After it ransacked one company’s poorly secured network in a matter of hours, leaders had no viable choice other than to pay the ransom.
New research from Microsoft shows that ransomware attackers are actively making that crisis worse, forcing health care and critical infrastructure organizations to pay up when they can least afford downtime.The Microsoft researchers often observed attackers getting their initial network access by exploiting unpatched vulnerabilities in victims' web infrastructure.
BleepingComputer reached out to the operators of multiple strains of ransomware, asking if they had plans to stop hitting hospitals during the coronavirus pandemic.WIRED is providing unlimited free access to stories about the coronavirus pandemic .
Crew suffered a so-called credential stuffing attack that impacted the the online accounts of fewer than 10,000 customers.It also reportedly got hit by a ransomware attack that resulted in the theft of at least some of its data.
Over the last month, researchers at security firms including Sentinel One and Dragos have puzzled over a piece of code called Snake or EKANS, which they now believe is specifically designed to target industrial control systems, the software and hardware used in everything from oil refineries to power grids to manufacturing facilities.
The hacker apparently got in through a bug in forum software vBulletin; the Dutch Broadcast Foundation reports that the hacker has attempted to sell the data online.But he also took the time to comb through the malware's code, and stole a database full of decryption keys from the hacking group's server.
And whether a local government is going to rebuild from an attack on its own or pay the ransom, money to respond comes from public funds or through a municipality's cybersecurity insurance.
There’s maybe no better sign of a vulnerability’s severity; the last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe .
LockerGoga, which was named for a file path in its source code by security research group MalwareHunterTeam, remains relatively rare and targeted compared to older forms of ransomware like SamSam and Ryuk, says Charles Carmakal, who leads a team of incident responders at FireEye who have dealt with multiple infestations.
But between the company's increasingly dismal track record on third-party access limits and a recent incident in which a bug exposed 6.8 million users' photos to third-party developers, it's hard to feel like things are going as well as they could on the user privacy and data management front.Atlanta RansomwareIn March, a ransomware attack locked down the City of Atlanta's digital systems, destabilizing municipal operations.
The Most Dangerous People on the Internet in 2018Casey Chin; Getty ImagesThis year thankfully avoided any world-breaking ransomware attacks like NotPetya. In many cases, the most dangerous people online are also the most dangerous in the real world.
Regardless of the impact on the alleged SamSam hackers specifically, the Justice Department made a statement that should resound among cybercriminals who rely on bitcoin and the dark web for anonymity.“It absolutely adds a chilling effect,” Jarvis says.