There seems to be a Robin Hood among those spreading ransomware: according to a study conducted by digital threat monitoring firm CloudSEK, a new ransomware variant is asking victims to donate the demanded ransom to the poor and destitute.

Yes, a novel ransomware variant named ‘Goodwill Ransomware’ is asking its targets to make donations to organizations that feed the poor and destitute.

Interestingly, the ransomware group is also asking victims to spend money at pizza outlets to feed the poor.

Currently, Goodwill Ransomware is only being spread in countries like India, Pakistan, and some parts of Africa.

CloudSEK researchers state that the new ransomware group was identified in March 2022 and seems to be interested in promoting social justice rather than making financial gains.

How the hackers are dealing with the issue is also innovative. They are asking victims to pay in one of three ways for a decryption key:

1.) First, donate money to the needy who are in hospital and urgently need the money for treatment. The victim has to donate the money, record the entire event of donation and the treatment carried out later, and contact the hackers with a video or audio file.

2.) Second is to donate new clothes to the poor, record the event, and email the recorded AV file to the Goodwill hackers.

3.) Third is even more fascinating, as the victim needs to take poor and hungry children to either a Domino's or Pizza Hut outlet, pay for their food, and then record the event and send that file to the hackers.

Note- Indian law enforcement has been pursuing the Goodwill gang since April 2022 and found their whereabouts a few days ago. They are busy nabbing criminals and are interested in knowing the digital power behind them, as suspicion points to a small-time hacking group from North Korea.

The post Goodwill Ransomware making victims donate to poor appeared first on Cybersecurity Insiders.

QNAP, a Taiwan-based company that offers data storage appliances, is back in the news after becoming a target of Deadbolt ransomware again. Reports say that the file-encrypting malware infected several NAS devices supplied by the hardware vendor, locking users out of their stored information.

The security team of QNAP has reacted to the news by stating that users need to keep their appliances updated with the latest software updates that have been available since April 2022.

This time, the targets are QNAP devices running QTS 4.3.6 and QTS 4.4.1, mainly those belonging to the X-series used by individuals and SMBs to manage files, share information and perform other tasks.

The NAS appliance maker is urging users to check for the latest QTS update and to avoid connecting their Network Attached Storage (NAS) devices to the internet.

According to a report by security firm Censys, out of 130,000 QNAP NAS devices, hackers have targeted almost half with malware by exploiting certain zero-day vulnerabilities. This time, those spreading Deadbolt are demanding 0.03 BTC to release the data from encryption.

NOTE 1- Early this week, threat intelligence firm Emsisoft released a press update. It stated that victims of Deadbolt Ransomware using QNAP appliances can use Emsisoft's decryption tool only if they have already paid the hackers a ransom for a decryption tool, which is now neutralized because of a forced update from QNAP for NAS appliances.

NOTE 2- It is better if the company resolves these issues at the earliest, as they can make its customers lose trust in the products in the near future.

The post QNAP storage devices again hit by Deadbolt Ransomware appeared first on Cybersecurity Insiders.

A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker. Plus don't miss our featured interview with Rumble's Chris Kirsch.

Omnicell, an American healthcare technology provider, has released a press statement saying that its IT infrastructure was targeted by ransomware early this month, severely affecting its internal systems.

In its 10-Q SEC filing, the California-based company disclosed that it learned about the cyber attack on May 9th this year and has taken all necessary measures to contain the malware spread and mitigate the risks.

A detailed investigation has been launched, and a third-party security company has been engaged to investigate the incident thoroughly.

A prima facie inquiry has revealed that no sensitive information was accessed or stolen by hackers. However, Omnicell intends to disclose the facts only after a thorough investigation is completed.

As per the California Consumer Privacy Act and California Medical Information Act, Omnicell will follow all necessary measures, such as sharing information with law enforcement and personally notifying affected customers by 3Q this year.

Note- With a headcount of over 3900 people, Omnicell has emerged as one of the top medication management companies in America in recent times. Its core business is to offer automated solutions and medical management tools to hospitals and health service providers. It is also in the business of offering retail software to pharmacies operating in the region under the Omnicell and Enliven Health brands.

The post Ransomware Attack on Omnicell appeared first on Cybersecurity Insiders.

According to research carried out by SecureWorks, an Iranian hacking group dubbed “Cobalt Mirage” was discovered to be distributing ransomware. The Advanced Persistent Threat (APT) group, linked to another Tehran-based threat group dubbed Cobalt Illusion (APT35), is distributing file-encrypting malware that wipes out files outright if the victim cannot pay the ransom on time.

Interestingly, the Iranian hacking group siphons data from its victims, mainly government organizations and financial institutions, and then analyzes it to see if it is of any use to the Iranian government.

So far, Cobalt Mirage has targeted companies operating in Israel, the US, Europe, and regions that are against the government of Iran.

In most cases, the hackers from Iran are seen breaching networks by exploiting Log4j vulnerabilities and ProxyShell, along with Fortinet security flaws discovered in the early months of 2020.

To date, we have seen ransomware groups stealing data and encrypting the database until a ransom is paid. Cobalt Mirage stands out because it wipes the data in victims' databases if they cannot pay a ransom.

Note- Ransomware is a kind of malware that encrypts a database until a ransom is paid. Over time, those involved in the distribution of ransomware, aka file-encrypting malware, have started to first steal data and then pressure the victim to pay up. If the victim cannot pay up, the stolen data is sold on the dark web. Cobalt Mirage, however, directly wipes out the database, giving the victim no further chance to recover from the cyber attack.

The post Iranian hacking group caught spreading ransomware appeared first on Cybersecurity Insiders.

Until now, we have seen businesses shutting down permanently because of sophisticated ransomware attacks; here is news of an educational institution that chose to shut down after becoming a victim of a massive ransomware attack.

Lincoln College in the US has posted a ‘Goodbye’ notice on its website. Interestingly, the note mentioned that the educational institute survived world wars, COVID-19 shutdowns and the Spanish flu, but could not survive a ransomware attack that swallowed it whole.

Cybersecurity Insiders has learnt that Lincoln College became a victim of a cyber attack in December 2021 that encrypted all the organization's data and left an unclear picture of the enrollments that were to take place in fall 2022.

A prima facie inquiry revealed that the ransomware took control of all the servers related to recruitment, retention and fundraising.

Further investigations confirmed that no student data was compromised in the cyber incident. However, the information related to students who applied for admission was totally encrypted and has now been erased, as the victim failed to pay a ransom on time.

The US Educational Department is trying everything to infuse life into the institution, which is devoted to Black students and was named after President Abraham Lincoln in 1865.

After making many efforts to come out of the trouble, Lincoln College announced an official shutdown on March 29th this year and made its final commitment on Sunday last week.

Local students will be given the privilege to enroll in other colleges for the next academic year. However, the fate of the international students remains uncertain, as their visas to stay in the United States will expire at the end of this month.

Hopefully, the White House takes control of the situation and gives clarity on these students' educational future!

The post Ransomware attack shuts down a US College permanently appeared first on Cybersecurity Insiders.