by cybercriminals and used to extort money from individuals who have previously used their mobile device to view pornography or other illegal content. The Safari scareware prevents the user from accessing the Internet on their device by loading a series of pop-up messages. A popup is displayed advising the user that Safari cannot open the requested page. Clicking on OK to close the message triggers another popup warning. Safari is then locked in an endless loop of popup messages that cannot be closed. A message is displayed in the background claiming the device has been locked because the user has been discovered to have viewed illegal web content. Some users have reported messages containing Interpol banners, which are intended to make the user think the lock has been put on their phone by law enforcement. The only way of unlocking the device, according to the messages, is to pay a fine. One of the domains used by the attackers is police-pay.com; however, few users would likely be fooled into thinking the browser lock was implemented by a police department as the fine had to be paid in the form of an iTunes gift card. Other messages threaten the user with police action if payment is not made. The attackers claim they will send the user's browsing history and downloaded files to the Metropolitan Police if the ransom is not paid.
Victims of one of the newest - and most unusual - families of ransomware could now be able to recover their files without giving in to the demands of criminals because decryption tools have been released for free. A GandCrab ransomware decryption tool has been released as part of the No More Ransom initiative, following a combined operation by Bitdefender, the Romanian Police, the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and Europol. GandCrab first appeared in January and has already claimed over 53,000 victims around the world, making it what Europol describes as "one of the most aggressive forms of ransomware so far this year", costing each victim anything from a few hundred dollars to a few thousand. This variant of the file-locking malware is unusual in a number of ways: not only is it spread via the use of exploit kits - a tactic usually reserved for the likes of trojans and cryptocurrency miners - it is also the first form of ransomware to ask for payments in Dash. Most other forms of ransomware demand the ransom be paid in bitcoin or Monero. The spread of GandCrab has also been helped along by a cybercrime-as-a-service scheme which offers a toolkit for deploying the ransomware in exchange for wannabe crooks giving the original authors a cut of their profits. It's unknown which specific cybercriminal operation is behind GandCrab. However, the ransomware is advertised on Russian hacking forums, with the authors explicitly instructing those who become a part of the partnership scheme not to target Russia or any other country in the Commonwealth of Independent States of former Soviet republics. But regardless of who might be distributing GandCrab, now victims don't need to pay a ransom to those looking to cash in on it, because the decryption tool is available for free from the No More Ransom portal and from Bitdefender.
"Ransomware has become a billion-dollar cash cow for malware authors, and GandCrab is one of the highest bidders," said Catalin Cosoi, senior director of the investigation and forensics unit at Bitdefender. In order to help prevent falling victim to ransomware, Bitdefender recommends regularly backing up sensitive data and being wary of suspicious email attachments and malicious links. Launched in 2016, the No More Ransom scheme brings law enforcement and private industry together in the fight against cybercrime and has helped thousands of ransomware victims retrieve their encrypted files without lining the pockets of crooks. The portal is available in 29 languages and since its launch has received over 1.6 million visitors from a total of 180 countries. The release of GandCrab decryption tools comes shortly after an operation involving Europol, the Belgian National Police and Kaspersky Lab led to the release of free decryption tools for Cryakl ransomware.
In a development that will do little to address concerns associated with the security of the cryptocurrency market, a new strain of ransomware, hAnt, has infected hundreds of mining rigs in China. The cryptovirus, which some people say first reared its head in August of last year, has primarily focused its attacks on mining farms in China, the country with the highest number of mining farms. The ransomware, in a note written in both English and Chinese, has threatened to turn off the mining unit's fan and compromise its overheating protection and, by extension, the safety and integrity of the mining unit. To remove the ransomware, the culprit behind the strain has demanded either that a ransom of 10 BTC be paid or that the victim download malicious software that could potentially infect thousands. Although nobody is sure how these mining rigs came to be infected, it has been suggested by some that tainted rig firmware may have been the culprit. On the other hand, some also believe that the culprit has merely taken advantage of the vulnerability of mining equipment that is usually overclocked by mining pools to boost hash power and processing speeds. Presently, Antminer S9 and T9 devices are the worst affected mining equipment. As of now, there haven't been any reports of the cryptohackers actually going ahead with the threat and destroying mining rigs, which would suggest this is an empty threat. That being said, the mere fact of infection has led to several financial losses accruing from many mining operations shutting down temporarily, mining equipment being reflashed or tainted firmware simply being replaced by a new one. Bitmain, the company that manufactures much of the Antminer equipment that has come under attack by hAnt, has for its part come forward and cautioned users against visiting untrusted third-party sites and downloading anything outside of Bitmain.
Either way, the development is not good news and does nothing to alleviate concerns associated with the safety and security of cryptocurrency-related operations and services.
Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware's roots with the promise of becoming a nemesis for years to come. First spotted on Dec. 27 by Victor Gevers, an ethical hacker and founder of GDI Foundation, attacks in the past two months shot up from 200 to nearly 50,000. The first of these ransom attacks against insecure databases traces back to a hacker identified as Harak1r1, who Gevers said was responsible for compromising open MongoDB installations, deleting their contents, and leaving behind a ransom note demanding 0.2 BTC (about $220 at the time). After that, escalation of attacks against open MongoDB installations happened fast, jumping from hundreds one week, to 2,000 the next, and 10,000 the following week. At last count more than 56,000 open MongoDB databases alone are ripe for attack, according to the most recent numbers available from GDI Foundation. But that doesn't include a slew of new databases now being targeted by cybercriminals. Security researchers at Rapid7 estimate that 50 percent of the 56,000 vulnerable MongoDB servers have been ransomed. In a typical ransomware attack, an attacker compromises a computer via malware or Trojan and encrypts local data that can only be unlocked with an encryption key obtained for a price. That spurred a maturing of ransomware used against more sophisticated healthcare, government and educational targets with similar phishing, malware and Trojan techniques. However, experts say, both have acted as the stepping stones to this type of data hijacking. With data hijacking, attackers compromise insecure database installations, copy data, then delete the contents and leave behind a ransom note in the form of a directory name demanding a ransom be paid via Bitcoin.
Rapid7 has already seen additional databases such as Redis, Kibana and other SQL databases targeted in its honeypots. Josh Gomez, senior security researcher with security firm Anomali, said moving forward attacks will be less random, more targeted and seek high-value repositories with weak protection.