Ransomware Gangs and the Name Game Distraction

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.

Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.

Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members — such as which types of victims aren’t allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.

Garmin Pays Ransom to Evil Corp – Despite Russian Sanctions

It’s emerged that Garmin caved in to pressure and paid several million dollars’ ransom to WastedLocker-wielding criminals.
The post Garmin Pays Ransom to Evil Corp – Despite Russian Sanctions appeared first on Security Boulevard.

Garmin confirms ransomware attack, keeps quiet on possible Evil Corp. involvement

Finally, Garmin customers who have put off their exercise routine because of outages on the website and mobile app can lace up their running shoes again. Garmin said in a statement Monday that it has started restoring services following a ransomware attack that locked “some” systems on July 23. While the company says it has no indication that scammers accessed customer data, the attack did interrupt website functionality, customer support services, user apps and corporate communications, according to the statement. “Affected systems are being restored and we expect to return to normal operation over the next few days,” Garmin said. “We do not expect any material impact to our operations or financial results because of this outage.” The official update confirms prior reporting that hackers had infiltrated Garmin’s systems and demanded an extortion fee to allow the company to resume activity as normal. Garmin previously said its mobile app was […]

The post Garmin confirms ransomware attack, keeps quiet on possible Evil Corp. involvement appeared first on CyberScoop.


Attackers Targeted Dozens of U.S. Companies with WastedLocker

Security researchers identified a string of attacks in which malicious actors attempted to target dozens of U.S. organizations with WastedLocker ransomware. Symantec detected the attack attempts on several of its customers’ networks. As part of t…