News Posts matching #RansomWare

Western Digital My Cloud Service Hacked, Customer Data Under Ransom

Western Digital has declared that its My Cloud online service was compromised by a group of hackers late last month: "On March 26, 2023, Western Digital identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company's systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities."

The statement, issued on April 4, continues: "The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company's business operations."

Asustor NAS Products Hit by Deadbolt Ransomware Attack - Unplug Them Now

If you've deployed an Asustor-made NAS (Network Attached Storage) to access your treasure trove of files across the wires of the Internet, you should disconnect it from the Internet as soon as possible. A number of Asustor users have taken to Reddit and the company's forums, claiming their Asustor-bound files have been claimed and encrypted by a ransomware attack through a Deadbolt payload. This is the same ransomware that wreaked havoc with QNAP's NAS devices a while back.

The attack infects the user's NAS and proceeds to encrypt its contents, leaving each user with a message pointing towards a unique Bitcoin address. The offer: receive the decryption key in exchange for 0.03 Bitcoin (~$1,102, ~€976) - the same value asked at the time of the QNAP attack. Interestingly, Asustor doesn't seem to have received the same offer the perpetrators put forward to QNAP: 5 Bitcoin (~$183,906, ~€162,267) in return for information for the exploit data (€162,799) - or a universal decryption key for all affected users for 50 Bitcoin (~$1.8 million). That last bit there serves to put pressure on the company to pay up for the affected users, who could themselves pressure the company to take the deal.

QNAP NAS Affected by Qlocker Ransomware, Company Advises Immediate Action to Secure Your Data

QNAP Systems, Inc. (QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users' data for ransom. QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS. The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. QNAP is urgently working on a solution to remove malware from infected devices.

QNAP has released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack. If user data is encrypted or being encrypted, the NAS must not be shut down. Users should run a malware scan with the latest Malware Remover version immediately, and then contact QNAP Technical Support at this page.

Cybersecurity in 2019: Ransomware up 41% in the US Alone, Average Decryption Price in December 2019 set at $190,946

A report via the New York Times paints an increasingly challenging picture for security specialists, technology users and businesses. Security firm Emsisoft reported a 41% increase in ransomware attacks in 2019 (in the US) compared to the previous year (up to 205,280 distinct attacks). Cryptocurrencies with built-in anonymity, such as Monero, have become the favored extortion method employed by wrongdoers, shielding them from the usual checks and balances of the banking system. And with increasingly complex tools in the hands of hackers, plus the first-strike advantage that new attacks enjoy, ransomware is becoming harder and harder to battle. According to the New York Times, citing security firm Coveware, the average payment for file decryption in 2019 rose to $84,116 in Q4 2019, double what it was just in Q3. And in the last month of the year, the average decryption payment jumped more than twofold to $190,946.

34 Companies Sign the Cybersecurity Tech Accord

34 different companies (which include Microsoft, Facebook, Cisco, Nokia, and Oracle) signed the Cybersecurity Tech Accord this week. The Accord, which is being hailed as the "Digital Geneva Accord", ratifies a new era of corporations' protection of customers, and a new way to engage and protect from cyberattacks. The biggest part of this? The pledge not to aid governments in performing any type of cyberattacks against customers. The usage of the word customers isn't an innocent one: a consumer is such in any part of the world, regardless of any given country's definition.

The idea behind the Accord is to allow "public commitment among 34 global companies to protect and empower civilians online and to improve the security, stability and resilience of cyberspace." This is an effort from tech companies to distance themselves from all manner of centralized government power, and to place themselves in a new, customer-protective light. At the same time, companies are looking to engender a coordinated response to global-scale ransomware attacks, such as last year's WannaCry and NotPetya events. "The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together," said Microsoft President Brad Smith. "This tech sector accord will help us take a principled path towards more effective steps to work together and defend customers around the world." You can read the entire post on the mission and signing of the Accord after the break.

PUBG Ransomware Forces Users to Play PUBG to Decrypt Their Files

MalwareHunterTeam recently discovered the PUBG ransomware that is currently floating around the internet. When executed, the pesky program would encrypt the files and folders that are located on the victim's desktop and add the ".PUBG" extension to them. While meant to be more of a joke than actual malware, the program demands that the victim play PUBG for an hour. Nevertheless, users can decrypt their files in two ways. They can introduce the "s2acxx56a2sae5fjh5k2gb5s2e" code into the program and proceed to restore their files or launch the PUBG executable for three seconds. MalwareHunterTeam noted that the program runs a background check for a "TslGame" process, and therefore users can rename any executable to TslGame.exe and trick the malware into thinking that the fake executable is the real deal.

Weekend Reading 101: On Ransomware's Chains and Carbon Black's Report

Carbon Black, a cybersecurity company founded by former members of the U.S. government's elite team of offensive security hackers, has released a report detailing the continued rise of ransomware's impact, which served as the fire-starter for this piece. Carbon Black's Threat Analysis Unit (TAU) has found that ransomware is an increasingly prolific economic entity, bolstered by a 2,502% increase in sales on the dark web. As with every activity, legal or illegal, the economic footprint follows profit; and in ransomware's case, it's estimated it has yielded around $1 billion just this year. Ransomware even has the advantage of not requiring specialized computer skills, and can be quickly and brainlessly deployed in search of a quick buck.

Carbon Black reports that there are currently more than 6,300 ransomware marketplaces on the dark web, with over 45,000 different product listings, which range in price from $0.5 to $3K (the median price for a DIY ransomware package stands at roughly $10.5). Ransomware sellers are taking advantage of this burgeoning, "quick buck at anyone's expense" reasoning: some ransomware sellers are earning more than six figures yearly, sometimes even more than legitimate software companies. It's no surprise, however, that the report points to technologies such as Bitcoin and the Tor network as being two of the most important enablers in this ransomware explosion, besides making it much more difficult for law enforcement agencies to, well, enforce the perpetrators.
To our Forum Dwellers: this piece is marked as an Editorial

Where's My Bitcoin? "Cerber" Ransomware Starts Stealing Cryptocurrency Wallets

"Where's my Bitcoin?" is a question no miner, investor or mere user of cryptocurrency ever wants to have to ask. There's always someone willing to take advantage of someone else's hard work or subjection to risk in order to increase their own value; and if there's something years of cyber security have told us, it is that hackers seldom lag in picking up new sources of undeserved revenue. So it was only a matter of time before general purpose ransomware started seeing updates so as to take advantage of the newer trends in valuable assets. Enter cryptocurrency. And you can probably guess the rest of this piece.

The new, updated Cerber ransomware routine now not only encrypts a user's files, it also looks for some specific, known Bitcoin wallet applications (namely, and as of time of writing, Bitcoin Core, Electrum, and Multibit), copies them to an external server controlled by the hackers, and proceeds to delete them from the user's PC. Naturally, Cerber also has a routine that handles copying passwords that are stored in your browser of choice. The wallet stealing and copying isn't much of a concern per se; there are additional security measures in any given wallet before the hackers can access their potential treasure trove of cryptocurrency. However, many people also keep files with passwords or some such on their computers, and could be doing themselves a disservice by not keeping another copy of their wallets on a secure, non-internet connected hardware wallet, or even a USB pen. Naturally, a user who kept the password for their wallet on their system is vulnerable to the entire "ransomware" portion of the Cerber malware; and someone who doesn't even have another copy of their wallet but keeps an ungodly amount of value in it could very well be facing the loss of the entirety of their wallet. Definitely not a good place to be.

Several Critical Ukrainian Targets Hit by "Petya" Ransomware, Fear of Outbreak

After last month's WannaCry outbreak (which persisted in its effects as recently as last week), we now have a new variant of ransomware infecting PCs across Europe. The outbreak seems centered in Ukraine, where several government facilities and critical pieces of infrastructure have been shut down due to the attacks. The Ukrainian government seemed almost defiantly optimistic, posting this decidedly awesome response to Twitter during the attack.