Collaborate Disseminate
Action Fraud warns that: Fraudsters are posing [as] government officials in order to trick people into installing ransomware which encrypts files on victim’s computers [by] …cold calling education establishments claiming to be from the “Department of Education”. They then ask to be given the personal email and/or phone number of the head teacher/financial administrator.* They claim that […] Continue reading Ransomware targeting schools
Jérôme Segura examines another attack somewhere on the thin borderline between ransomware and tech support scams: Tech support scam page triggers denial-of-service attack on Macs. This is another instance of scammers encouraging victims to call a fake helpline by hitting them with some sort Denial of Service (DoS) attack: in this case, by causing Mail to keep […] Continue reading Support Scammers hit Mac users with DoS attacks
Koolova Perhaps the oddest thing to pop up recently is the Koolova ransomware (which refers to itself as Nice Jigsaw): it encrypts files and threatens to delete them, but supplies a decryption key once the victim has read two articles: Google’s Stay safe while browsing and Bleeping Computer’s Jigsaw Ransomware Decrypted: Will delete your files until you […] Continue reading Ransomware Roundup – Koolova, KillDisk and more
In case you were wondering what happened as regards the story I previously blogged here – Smart TV Hit by Android Ransomware – it appears that LG has decided after all to make the reset instructions for the TV public rather than requiring an LG engineer to perform the task for only twice the price of a […] Continue reading LG TV ransomware revisited
CyberX reports that KillDisk, already associated with cybersabotage, is now also being used as a basis for ransomware, demanding a hefty 222 bitcoin in ransom. NEW KILLDISK MALWARE BRINGS RANSOMWARE INTO INDUSTRIAL DOMAIN Commentary by Catalin Cimpanu for Bleeping Computer: KillDisk Disk-Wiping Malware Adds Ransomware Component. Commentary by David Bisson for Tripwire: KillDisk Wiper Malware Evolves into Ransomware. […] Continue reading KillDisk: from disk-wiping to ransomware
An article by Catalin Cimpanu for Bleeping Computer: It’s Almost 2017 and Users Are Still Getting Infected with Malware via Fake AV Software includes instances of a Remote Access Trojan and ransomware distributed as fake security software including Goldeneye/Petya and Stampado. David Harley Continue reading Malware distributed as fake security software
Software engineer Darren Cauthon tweeted about how: ‘Family member’s tv is bricked by Android malware. #lg wont disclose factory reset. Avoid these “smart tvs” like the plague.’ To put this into some perspective, this isn’t a recent model: he explains that ‘It was one of the first google tvs.’ (Google TV is no longer supported, and […] Continue reading Smart TV Hit by Android Ransomware
I see there is much excitement in the media about CryptXXX’s ‘Christmas discount’, the ransom having been reduced from 1.2 bitcoin to 0.5 until the end of December. Of more significance is the fact that Kaspersky have once more been able to update their Rannoh decryptor to handle CryptXXX version 3. Available from directly from Kaspersky or from […] Continue reading CryptXXX: free decryptor or discount? Hmm…
The ‘No More Ransom‘ site has quietly added a number of ‘Associated’ and ‘Supporting’ partners. For SecurityWeek, Kevin Townsend explains the difference/partner hierarchy, and quotes a number of industry figures (including me, at some length): No More Ransom Alliance Gains Momentum. It’s good news, but I think there’s more they could do. David Harley Continue reading No More Ransom: new partners
Interesting analysis from Pieter Arntz for Malwarebytes of the VinCE screen locker, intended to persuade the victim into calling the ‘helpline’ number the malware displays. An example of malware that illustrates an almost imperceptible distinction between a tech support scam and true ransomware. A closer look at a tech support screen locker This AVIEN article […] Continue reading Malwarebytes makes VinCEmeat of screen locker