Security Never Sleeps – Locky Ransomware, Kaiser Breach

Locky Ransomware Rears its Head in Big August Campaigns

“Encryption extension changed”

A few weeks ago Locky changed its encryption extension to .lukitus (“locked” in Finnish). This variant has still proven frustratingly difficult to decrypt, according to Heimdal Security. It is often viewed as part of a set of malicious spam waves that are hitting users one after the other. Comodo Labs has dubbed the late August campaign the IKARUSdilapidated version of Locky. It still uses the .lukitus extension, and it spreads using a botnet of zombie computers responsible for coordinating a phishing attack.

There have been two waves in the new attacks so far. The first used emails that appeared to come from an organization’s scanner/printer or other legitimate device. When the program was successful, it encrypted the victims’ computers and demanded a bitcoin ransom payment.

Comodo released the following in an analysis sent to Infosecurity: “As many employees today scan original documents at the company scanner printer and email them to themselves and others, this malware-laden email will look very innocent,” and “The sophistication here includes even matching the scanner/printer model number to make it look more common as the Sharp MX2600N is one of the most popular models of business scanner/printers in the market.”

Cyber Security Regulation — The Move Towards Board Involvement

“New regulations will have large impact on citizens and companies”

Regulators are often the catalyst for stronger trends in cyber security, and new regulation from the EU is going to have a serious impact on organizations that process EU data in their businesses. After four years of diligence and debate, the EU Parliament approved the Global Data Protection Regulation on April 14, 2016. It will enter into effect on May 25, 2018, at which time those organizations in non-compliance will face heavy fines.

Kaiser Permanente says 600 Riverside area members affected by data breach

“Sensitive information thought to be safe”

Kaiser Permanente is notifying about 600 members from Riverside and “surrounding areas” by mail about a patient data breach, which includes medical record numbers and procedures. No other identifying information was apparently released. The breach was detected Aug. 9 when a list of information was “inadvertently sent to an unintended email address,” the statement noted. The information did not include Social Security numbers, financial information or other member information.

Almost half a million pacemakers need a firmware update to avoid getting hacked

“Patient hearts need hacking protections”

Nearly half a million pacemakers are being recalled by the US Food and Drug Administration after the agency found that the devices could be hacked to control pacing or deplete batteries. Rather than having patients remove or replace the device, however, the manufacturer is releasing a firmware update designed to address the vulnerabilities.
