Alexander Vinnik heads to trial in France on ransomware, money laundering charges

Accused Russian cybercriminal Alexander Vinnik’s legal odyssey continues Monday in Paris, where he faces trial on charges of extortion, money laundering and involvement in organized crime. It’s the latest milestone in a case that spans multiple countries: Vinnik was arrested in 2017 in Greece, which extradited him to France this year with the understanding that he was also wanted in the U.S. and Russia. French and U.S. prosecutors allege Vinnik helped create the infamous Locky ransomware and then launder the resulting bitcoin ransom payments through the BTC-e cryptocurrency exchange. French prosecutors are focusing on $157 million that the alleged scheme captured from French organizations. The U.S. Department of Justice says he laundered about $4 billion while running BTC-e, which also allegedly provided services to other scams. In Russia, he faces smaller-scale charges of fraud. Vinnik’s arrival in France in January followed a nearly two-year battle over where Greek authorities would send the 41-year-old, who […]

The post Alexander Vinnik heads to trial in France on ransomware, money laundering charges appeared first on CyberScoop.


Romanian police bust hackers allegedly plotting ransomware attacks on hospitals

Romanian authorities said Friday they had disrupted a cybercriminal group that planned to conduct ransomware attacks on hospitals in the country. The hackers intended to pose as government officials and send malicious emails to public health institutions that purported to contain information on the coronavirus, according to the Directorate for Investigating Organized Crime and Terrorism (DIICOT), one of Romania’s top law enforcement agencies. Such ransomware attacks could disrupt the IT systems of hospitals, DIICOT said. But before that could happen, police and security officials said they searched the suspects’ properties in Romania and neighboring Moldova. All four suspects were arrested, ZDNet reported. The hackers planned to threaten hospitals to protest Romania’s state of emergency, which has restricted public gatherings during the COVID-19 pandemic, according to Romanian news outlet Stirile Pro Tv. The threat of attacking hospitals would be a much more serious crime than the website defacements and other low-skill digital mischief usually […]

The post Romanian police bust hackers allegedly plotting ransomware attacks on hospitals appeared first on CyberScoop.


TA505 launches fresh attacks on financial organizations in Singapore, UAE and U.S.

A criminal hacking group known for authoring the widely used Locky ransomware appears to have new targets in its sights: financial institutions in Singapore, the United Arab Emirates and United States, as well as manufacturing and retail organizations in South Korea. The TA505 group began the campaign last month through tens of thousands of malicious emails, according to researchers at cybersecurity company Proofpoint. The new code is the latest innovation from the group, which is one of the more prolific and adept financially motivated cybercrime organizations. The Windows-based Locky, which emerged in 2016, yielded more than $200 million in ransom payments at its height, according to one estimate. This time, the group is deploying a new piece of malware to download an old remote access tool (RAT) that could have let it steal credentials from a target computer, Proofpoint said. The malware was downloaded in quarantined environments and not at customer sites, meaning there is no evidence that it compromised target […]

The post TA505 launches fresh attacks on financial organizations in Singapore, UAE and U.S. appeared first on CyberScoop.


TA505 hackers thwarted at the door of a big financial org

A failed attempt to breach a big financial institution is providing new data on a global criminal hacking group known for authoring the widely used Locky ransomware. The group, dubbed TA505, has stalked financial organizations on multiple continents. Boston-based security company Cybereason says earlier this month it blocked a hack from the group against an unnamed financial institution. “This malware is part of a larger campaign” against organizations that was precise in its targeting, Eli Salem, a Cybereason security analyst, told CyberScoop. The fresh threat intelligence from the breach attempt includes a revamped backdoor and an example of how the hackers are signing their malicious code using a legitimate certificate – a hallmark of advanced groups looking to avoid detection. TA505 is known for writing the Windows-based Locky ransomware that emerged in February 2016. At its height, Locky was one of the most common ransomware strains, employed in mass email campaigns for […]

The post TA505 hackers thwarted at the door of a big financial org appeared first on CyberScoop.


Ransomware Strains: The Stealthy Cyberthreat

Increasingly sophisticated and sneaky ransomware strains are making the lives of cybersecurity professionals more difficult than ever. A piece of malicious software, which we now know as ransomware, was created with a clear goal in mind: extort…

Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks

A newly discovered malware campaign that currently conducts simple reconnaissance has the versatility to download additional capabilities onto a victim’s system, according to a report published Thursday by Proofpoint. Researchers say the malware, which is named “Marap” after a detail in its command and control (C&C) server, bears similarity to other campaigns associated with a threat actor known as TA505. Proofpoint says it has observed “millions of messages” in a malicious email campaign earlier this month. Emails tend to have various types of attachments, such as PDF files and Microsoft Word documents, laced with the Marap malware. Some of the phishing documents co-opt the name of a major U.S. bank in their fake communications, Proofpoint says. So far, the researchers say that the only functionality they’ve observed in Marap is to fingerprint systems it infects. The malware gathers basic information — usernames, domain names, IP addresses, country, anti-virus software detected […]

The post Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks appeared first on CyberScoop.


Remove Locky Locker Ransomware – Restore .locky Files

This article will help you remove Locky Locker ransomware completely. Follow the ransomware removal instructions provided at the end of the article. Locky Locker is a virus that encrypts your files and demands money as a ransom to get…

WannaCry Dominates Ransomware News in 2017, Drives 415 Percent Attack Boost

WannaCry drove a 415 percent increase in ransomware attacks and accounted for 90 percent of all detection reports in 2017. In addition to these eye-popping numbers, F-Secure’s “The Changing State of Ransomware” report also offered some positive ransomware news: The lack of big paydays for campaigns such as WannaCry and NotPetya is now causing a […]

The post WannaCry Dominates Ransomware News in 2017, Drives 415 Percent Attack Boost appeared first on Security Intelligence.
