Florida City Sees Lasting Effects of Ransomware Attack
Nearly three weeks after the City of Jupiter, Florida suffered a ransomware attack that took many of their internal systems offline, the city has yet to return to normal. City officials announced they would be working to rebuild their systems from backups, rather than paying any ransom, and were able to get their main website up and running again, along with many essential services. The timing of the attack couldn’t have been worse, as most of the City’s staff were under lockdown and unable to access compromised machines in a quick and safe manner.
Hackers Breach San Francisco International Airport
Late last month, Russia-based hackers attempted to breach the internal networks of San Francisco International Airport using a simple injection script to obtain employee credentials. By forcing the use of the SMB file-sharing protocol, the hackers could quickly grab the usernames and hashed passwords, which would then allow them to deploy any number of malicious payloads or access extremely sensitive information. Shortly after the attack was detected and subsequently ended, the IT staff issued a forced password reset for all staff in hopes of minimizing any further damage.
Critical Exploits Patched by Microsoft
Recently, Microsoft patched three zero-day exploits that could allow remote code execution, privilege escalation, and even the creation of new accounts with full OS permissions. Two of the patched flaws related to the Adobe Type Manager Library and were functional on multiple Windows® operating systems, but performed different tasks based on the environment in which they were deployed.
DDoS Suspect Arrested in Netherlands
Two Dutch government websites that were created to distribute information related to the COVID-19 pandemic fell victim to a DDoS attack for several hours. Dutch authorities, who have been heavily involved in many cybersecurity operations, have arrested at least one suspect and shut down 15 sites offering DDoS services. Hopefully, the shutdowns will help reduce the number of these types of attacks going forward.
RagnarLocker Takes Down Portuguese Energy
One of the largest energy providers in Europe, Energias de Portugal (EDP), became the victim of a ransomware attack that used the RagnarLocker variant. In exchange for the estimated 10TB of data stolen during the attack, attackers demanded a ransom of $10.9m to be paid in cryptocurrency. The authors behind RagnarLocker have already begun posting segments of the stolen data to their main website, along with the promise to release the rest and make their entire client list aware of the breach, if the ransom isn’t met.
The post Cyber News Rundown: Ransomware Wrecks Florida City appeared first on Webroot Blog.
The City of Torrance, in the Los Angeles metropolitan area, California, is the latest victim of the DoppelPaymer ransomware; the hackers also stole its data.
On Sunday, the computer systems in the city of Torrance suffered a cyber attack that interrupted access to email accounts and server functions.
The City of Torrance is located in the South Bay along the Pacific coast and has a population of approximately 150,000 people.
Additional news about the attack is now circulating online: it seems that the City of Torrance, in the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer ransomware.
Unfortunately, the attackers also stole unencrypted data from the infected systems before encrypting them.
The attackers are demanding a ransom of more than $680K worth of Bitcoin (100 BTC) to decrypt the data; meanwhile, they have already leaked part of the stolen files online on their Dopple Leaks website to pressure the victim into meeting the demand.
DoppelPaymer operators have published a page titled “City of Torrance, CA” that contains numerous leaked file archives.
“Based on the names of the archives, this data includes city budget financials, various accounting documents, document scans, and an archive of documents belonging to the City Manager,” reported Bleeping Computer.
Below is the tweet published by the data breach notification service Under the Breach:
DoppelPaymer operators told BleepingComputer that in the attack, which took place on March 1st, they encrypted files on approximately 150 servers and 500 workstations. The gang also claims to have erased the City’s local backups and to have stolen over 200 GB of files.
BleepingComputer has obtained a list of all of the files the hackers claim to have stolen; it includes 269,123 files throughout 8,067 directories.
In November, DoppelPaymer compromised systems at the Mexican state-owned oil company Petróleos Mexicanos (Pemex) and demanded a $4.9 million ransom.
The post DoppelPaymer Ransomware hits City of Torrance and demands a 680K+ ransom appeared first on Security Affairs.
DoppelPaymer ransomware allegedly struck a U.S. coastal city in Los Angeles County by stealing its unencrypted data and then encrypting its devices. As reported by Bleeping Computer, the operators of DoppelPaymer updated their “Dopple Leaks” leak site with a post entitled “City of Torrance, CA.” This post contained numerous links to files that DoppelPaymer’s attackers […]
The post DoppelPaymer Ransomware Struck City in Los Angeles County appeared first on The State of Security.
MedusaLocker Ransomware Spotted Worldwide
While it’s still unclear how MedusaLocker is spreading, victims have been confirmed around the world in just the last month. By starting with a preparation phase, this variant can ensure that local networking functionality is active and maintain access to network drives. After shutting down security software and deleting Volume Shadow Copies, it begins encrypting files while setting up self-preservation tasks.
Bargain Website Server Exposes Customer Data
Several websites used by UK customers to find bargains have left a database filled with customer data belonging to nearly 3.5 million users completely unprotected and connected to the internet. Along with the names and addresses of customers, the database also included banking details and other sensitive information that could be used to commit identity fraud. The researchers who initially discovered the breach notified the site owners, but received no response or any indication the leak would be resolved until nearly six weeks after the database was left exposed.
Arrests Made Following Major BEC Scam
At least three individuals have been arrested in Spain for their connection to a business email compromise (BEC) scam that netted over 10 million euros and affected 12 companies across 10 countries. It appears the operation began in 2016 and involved the cooperation of multiple law enforcement agencies. By creating a web of fake companies and bank accounts, the group was able to successfully launder money into various investments, including real estate, in an attempt to remain undetected.
LA Court System Hacked
The perpetrator of a 2017 spear phishing attack on the LA court system was sentenced to 145 months in prison following convictions on charges of wire fraud, unauthorized access to a computer, and identity theft. The individual was able to compromise employee email accounts and use them to launch a malspam campaign that distributed over 2 million emails.
Pennsylvania School District Hacked
Multiple students are being questioned after school district officials noticed unauthorized access to the student assistance site Naviance, a hack which appears to have been an attempt “to gain a competitive edge in a high-stakes water gun fight.” Access to the site would have also given them access to other students’ personal data, though no financial or social security information is stored on the site. District officials determined that the security practices for the site were lacking but have not yet released plans for improvement.
The post Cyber News Rundown: MedusaLocker Ransomware appeared first on Webroot Blog.