Tag Archives: Locky

Hurricane Harvey Scams, Locky

US government goes after Hurricane Harvey cybercriminals

“Many trying to scam do-gooders for profit after disaster”

The US government is creating a group to take down Hurricane Harvey cybercriminals. Online thieves and scammers are taking advantage of the massive hurricane in Texas, where thousands have lost their homes and at least 29 people have died. Hackers have been spamming email inboxes with phishing attacks that claim to let you help victims, but actually steal sensitive information. This includes passwords, and in some cases, credit card information or other payment systems.

Massive Ransomware Locky Attack Unleashes 23 Million Emails In 24 Hours

“Mass attacks becoming more common”

Not all cyberattacks are created equal, and many are becoming incredibly sophisticated. Some succeed through careful planning and methodical execution. Other times criminals will launch wholesale attacks, setting as many traps as possible and waiting to see how many unsuspecting users fall into them.

The latter is the approach taken by cybercriminals with a recent email barrage that is spreading a nasty new strain of the notorious Locky ransomware. Security experts at AppRiver have been watching the campaign unfold. In just 24 short hours, their systems have watched the attack fire off a jaw-dropping 23 million infected emails.

How to measure cybersecurity effectiveness — before it’s too late

“Proper metrics necessary, or you may be in the dark”

Are you measuring the value and effectiveness of your cybersecurity efforts? Most companies around the world are failing to do so, according to a recent security measurement index benchmark survey. Without establishing the proper analytical tools, you’re flying blind. And even when organizations’ information security function does generate and deliver data about the business’ security, it typically never gets read.

Enjoy your read? Check out our other content here.

Locky Ransomware, Kaiser Breach

Locky Ransomware Rears its Head in Big August Campaigns

“Encryption extension changed”

A few weeks ago Locky changed its encryption extension to .lukitus (“locked” in Finnish). This variant has still proven frustratingly difficult to decrypt, according to Heimdal Security. It is often viewed as part of a set of malicious spam waves that are hitting users one after the other. Comodo Labs has dubbed the late August campaign the IKARUSdilapidated version of Locky. It still uses the .lukitus extension, and it spreads using a botnet of zombie computers responsible for coordinating a phishing attack.

There have been two waves in the new attacks so far. The first attempts targeted emails which appeared to be from an organization’s scanner/printer or other legitimate device. When the program was successful, it encrypted the victims’ computers and demanded a bitcoin ransom payment.

Comodo released the following in an analysis sent to Infosecurity: “As many employees today scan original documents at the company scanner printer and email them to themselves and others, this malware-laden email will look very innocent,” and “The sophistication here includes even matching the scanner/printer model number to make it look more common as the Sharp MX2600N is one of the most popular models of business scanner/printers in the market.”

Cyber Security Regulation — The Move Towards Board Involvement

“New regulations will have large impact on citizens and companies”

Regulators are oftentimes the catalyst for stronger trends in cyber security, and new regulation from the EU is going to have a serious impact on organizations that process EU data in their businesses. After four years of diligence and debate, the EU Parliament approved the Global Data Protection Regulation on April 14, 2016. It will enter into effect on May 25, 2018, at which time those organizations in non-compliance will face heavy fines.

Kaiser Permanente says 600 Riverside area members affected by data breach

“Sensitive information thought to be safe”

Kaiser Permanente is notifying about 600 members from Riverside and “surrounding areas” by mail about a patient data breach, which includes medical record numbers and procedures. No other identifying information was apparently released. The breach was detected Aug. 9 when a list of information was “inadvertently sent to an unintended email address,” the statement noted. The information did not include Social Security numbers, financial information or other member information.

Almost half a million pacemakers need a firmware update to avoid getting hacked

“Patient hearts need hacking protections”

Nearly half a million pacemakers are being recalled by the US Food and Drug Administration after the agency found that the devices could be hacked to control pacing or deplete batteries. Rather than having patients remove or replace the device, however, the manufacturer is releasing a firmware update designed to address the vulnerabilities.


10Fold - Security Never Sleeps - 167

New Jaff Ransomware Variant Emerges

“Another active threat detected”

As WannaCry headlines begin to die down, another variant of a detrimental ransomware has begun to make the rounds. Jaff, distributed by the Necurs botnet, uses a similar delivery system to Locky and WannaCry. This gives security researchers an insight into the threat actors who designed Locky and Dridex, who also launched the Bart ransomware that raised concerns last year.

Survey Shows Disparity in GDPR Preparedness and Concerns

“New regulation affects any firm that does business in EU”

The GDPR will take effect one year from today, but there seems to be little readiness among firms to take on the necessities outlined in the legislation. Specifically, geographic differences are highlighted in a recent study that shows just how ill-prepared disparate nations are.

Newly discovered vulnerability raises fears of another WannaCry

“Tens of thousands of devices potentially open to attacks”

A recently found flaw in widely used networking programs could leave users open to ransomware like WannaCry. The U.S. Department of Homeland Security announced the potential for harm on Wednesday; the flaw is claimed to allow an attacker to take control of the compromised device entirely if no patch has been applied by the user and administrator.