Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
Attackers are using Avaddon ransomware to target diverse organizations in the U.S., Australia and elsewhere, according to the FBI and the Australian Cyber Security Center. Among the recent victims was a service provider to Australian telecommunications company Telstra.
Following news reports of ransomware attackers targeting QNAP Systems' network-attached storage appliances, encrypting users' data and then demanding a ransom, the company is urging users to immediately install a malware remover and run a malware scan.
Israeli car financing company K.L.S. Capital Ltd. says that hackers recently stole customer information, ID photos, vehicle licenses, scans of checks and loan information from its servers.
The Fonix ransomware gang has closed down its operations and has released a decryptor key, according to Malwarebytes and Kaspersky. But security researchers warn the gang, like others, might re-emerge with new tactics.
The operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to Sophos. These types of "ghost" accounts are an increasing issue for security teams.
Security researchers are warning that attackers appear to have stepped up scanning for vulnerable Zyxel products, including VPN gateways, access point controllers and firewalls. A recently disclosed vulnerability in the company's firmware can create a hard-coded backdoor.
Apex Laboratory a Farmingdale, New York-based blood testing facility, is notifying patients about the leak of their information, including test results. The security incident - which appears to involve ransomware - happened in July.
The FBI is warning of increased activity - including disruption of a police dispatch system - by the operators of DoppelPaymer, a ransomware variant linked to high-profile attacks over the last several months. The cybercriminals also are calling victims to pressure them into paying ransoms.
Several recent ransomware attacks, including those involving Ryuk and Egregor, have used a commodity malware variant called SystemBC as a backdoor, according to Sophos.
Hackers are targeting thousands of vulnerable MySQL servers around the world, using ransomware to exfiltrate data from organizations and then demanding payment, according to Guardicore Labs. The attackers are also selling access to over 250,000 stolen databases.
CISA is warning that local K-12 school districts are increasingly under assault by cyberthreats targeting vulnerable networks that are disrupting physical and virtual education throughout the U.S. The top security problems include ransomware, Trojans and other malware as well as DDoS attacks.
Dutch HR firm Randstad and the public transportation agency of Vancouver, Canada, are continuing to recover from ransomware attacks. Both incidents appear to have involved Egregor ransomware, with Randstad reporting that data was exfiltrated and is now being leaked by attackers to try and force payment.
Canon USA has finally acknowledged that a ransomware attack earlier this year involved the theft of corporate data, including such employee information as Social Security numbers and financial account numbers.
French IT services firm Sopra Steria, which was hit with Ryuk ransomware in October, now estimates that the attack could cost the company up to $60 million in recovery costs. Experts say that after going quiet in March, Ryuk reappeared in September, and has targeted numerous hospitals.
The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.
