to anonymous attackers through the digital currency Bitcoin. A Connecticut city has paid USD 2,000 to restore access to its computer system after a ransomware attack. West Haven officials said Thursday they paid the money to anonymous attackers through the digital currency bitcoin to unlock 23 servers and restore access to city data. The attack disabled servers early Tuesday morning, and city officials say it was contained by 5:30 PM Wednesday. City attorney Lee Tiernan says officials initially didn't want to pay the ransom, but research showed it was the best course of action. The city says there's no reason to believe data was compromised. Employee pay was not affected. The US Department of Homeland Security says the attack came from outside the US. An investigation is ongoing.
A group calling itself XMR Squad has spent all last week launching DDoS attacks against German businesses and then contacting the same companies to inform them they had to pay €250 ($275) for "testing their DDoS protection systems." German DDoS protection firm Link11 reported attacks against DHL, Hermes, AldiTalk, Freenet, Snipes.com, the State Bureau of Investigation Lower Saxony, and the website of the state of North Rhine-Westphalia. The attack against DHL Germany was particularly effective as it shut down the company's business customer portal and all APIs, prompting eBay Germany to issue an alert regarding possible issues with packages sent via DHL. "They seem to know what to hit," said Daniel Smith, security researcher for Radware, and one of the people currently keeping tabs on the attacks. The group sent emails to all the companies it targeted. In the emails, they didn't ask for a ransom to stop the attacks, but a fee for having already carried out what they called a DDoS protection test. Usually, these types of groups launch DDoS attacks and then send emails to their victims requesting payments to stop the attacks. XMR Squad's emails looked like invoices for unrequested DDoS tests. Furthermore, the ransom note didn't include payment instructions, which is weird, to say the least. DDoS ransoms are usually handled in Bitcoin or another anonymous cryptocurrency. It was strange to see the group ask for payment in Euros, as the group's name included the term XMR, the short name for Monero, an anonymous cryptocurrency. While the group advertised on Twitter that their location was in Russia, a German reporter who spoke with the group via telephone said "the caller had a slight accent, but spoke perfect German."
To the same reporter, the group also claimed they carried out the attacks only to get public attention. The attention they got wasn't the one they expected, as their hosting provider took down their website, located at xmr-squad.biz. Germany, in particular, has been the target of several DDoS blackmailers in the past year. In January and February, a group calling itself Stealth Ravens launched DDoS-for-Bitcoin ransom attacks. Link11, who tracked those attacks, claimed the group used a DDoS botnet built with the Mirai IoT malware and asked for 5 Bitcoin ($6,000) to stop attacks. Last year in June, another group named Kadyrovtsy also targeted German businesses, launching attacks of up to 50 Gbps. This group began DDoS ransom attacks a month earlier by first targeting Polish banks. All these groups are following the same modus operandi perfected by groups like DD4BC and Armada Collective. These two groups appeared in the summer and autumn of 2015 and targeted companies worldwide. In January 2016, Europol arrested suspects believed to be DD4BC members in Bosnia and Herzegovina. Following the arrests, both groups became inactive. After the demise of these two main groups, there was a wave of copycats [1, 2, 3, 4, 5] that used their respective reputation to extort payments from companies, in many cases without even possessing any DDoS capabilities.
A second UK university has been hit by a major ransomware attack this week, as new figures showed the country is the most frequently targeted by the malware in Europe. The attack appears to have struck Northern Ireland’s Ulster University on the same day a ransomware outage affected University College London (UCL). Ulster Uni’s Information Services Division (ISD) revealed yesterday that its AV partner suspects a zero-day threat was the cause, also echoing the current thinking at UCL. Three departmental file shares have been affected and remained at “read only” access at the time of writing. Like its counterparts at UCL, Ulster University’s ISD appears to be following best practice regarding back-ups, which will help mitigate the impact of the attack. It explained: “ISD take backups of all our shared drives and this should protect most data even if it has been encrypted by the malware. Once we are confident the infections have been contained, then we will restore the most recent back up of the file. ISD can confirm that a backup of the shares was successfully taken at close of business on Tuesday 12th June.” Fraser Kyne, EMEA CTO at Bromium, urged all UK university IT teams to be on high alert for possible attacks. “The initial reports are suggesting that the ransomware was able to get in at UCL through a zero-day exploit, which allowed it to bypass antivirus software,” he added. “That really underscores the limitations of antivirus; in that it is only able to stop things that it knows are bad. Given that most malware is only seen once in the wild before it evolves into something different, there’s very little that antivirus can offer in the way of protection.” UCL now believes the initial infection vector was a user visiting a compromised website rather than opening a phishing email attachment as first thought.
The latest stats from Malwarebytes show the UK is the hardest hit in Europe when it comes to ransomware. There were three times as many detections in the UK in Q1 2017 as in the next most impacted country: France. In fact, while ransomware infections dropped 4% across Europe, they increased 57% in the UK year-on-year. The total volume of cyber-attacks on UK firms soared 500% year-on-year, with no single threat type declining. Across Europe, Italy and the UK were almost tied for the highest number of malware detections: 16.3% and 16.2% respectively.