by April 7. The gang calls themselves the "Turkish Crime Family," and they're demanding $75,000 in Bitcoin or Ethereum cryptocurrency. In a bizarre twist, they're also willing to accept $100,000 in iTunes gift cards as an alternative form of payment, despite the obvious concern that Apple would easily be able to track this. In return, the hacker group would delete their entire collection of compromising data. According to Motherboard, a hacker has been quoted as saying: "I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing." Apparently, one of the hackers shared screenshots of emails exchanged between the group and Apple, and then gave Motherboard's Joseph Cox access to the email account as proof. The hackers claim to have over 300 million Apple email accounts, including ones with @icloud and @me domains. Later on, though, another hacker from the group claimed that they actually have 559 million accounts. The only other proof they provided was a YouTube video of the hackers allegedly logging into an elderly woman's stolen iCloud account to view backed-up photos, then wiping her device, but this video has since been removed. Lending credibility to the hackers' claims, though, Apple is stated to have asked the hacker group to remove the video from YouTube: "We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law." Cox also states that he read other emails in their account, and that it appeared the hackers have tried to approach many different media outlets to get more attention, possibly to help their extortion efforts.
Now, we don't know how true the Turkish Crime Family's claims are, but this is a good time to remind you to frequently change your passwords. Make them strong and unique, people! No names, birthdays, 123s, or whatnot.
After the ransacking of MongoDB, ElasticSearch, Hadoop, CouchDB, and Cassandra servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for a 0.2 Bitcoin ($235) payment. According to breach detection firm GuardiCore, the attacks are happening via brute-force attacks on Internet-exposed MySQL servers, and there are plenty of those lying around since MySQL is one of today's most popular database systems.
All attacks came from a server in the Netherlands
Based on currently available evidence, the attacks started on February 12 and lasted only 30 hours, during which time attackers attempted to brute-force their way into MySQL root accounts. Investigators said all attacks came from the same IP address in the Netherlands, 109.236.88.20, belonging to a hosting company called WorldStream. During their ransacking, attackers didn't behave in a consistent pattern, making it hard to attribute the hacks to one group, despite the usage of the same IP. For example, after gaining access to MySQL servers, attackers created a new database called PLEASE_READ and left a table inside it called WARNING that contained their ransom demands. In some cases, attackers only created the WARNING table and left it inside an already existing database, without creating a new one. Investigators report that attackers would then dump the database's content and delete it afterward, leaving only the one holding their ransom. In some cases, attackers deleted the databases without dumping any data.
Attackers have their own website
Two ransom notes have been found in the hundreds of confirmed attacks, one asking victims to get in contact via email and confirm the payment, while the other used a completely different mode of operation, redirecting users to a Tor-hosted website.
The two Bitcoin addresses listed in the ransom notes received four and six payments, respectively, although GuardiCore experts doubt that all are from victims. "We can not tell whether it was the attackers who made the transactions to make their victims feel more confident about paying," they said.
Be sure the attacker still has your data
Just like in the case of the now infamous MongoDB attacks that have hit over 41,000 servers, it's recommended that victims check logs before deciding to pay and see if the attackers actually took their data. If companies elect to pay the ransom, they should always ask the attacker for proof they still have their data. None of this would be an issue if IT teams followed standard security practices that involve using an automated server backup system and deleting the MySQL root account or at least using a strong and hard-to-brute-force password. This is not the first time MySQL servers have been held for ransom. The same thing happened in 2015, in a series of attacks called RansomWeb, where attackers used unpatched phpBB forums to hijack databases and hold websites up for ransom.
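One way to run the log check recommended above, as an added example that is not code from the article or from GuardiCore. It assumes the MySQL general query log was enabled during the incident and that records follow the layout shown in the constructed sample; the function and field names are hypothetical.

```python
import re
from collections import Counter

# Assumed record layout (general-query-log style): timestamp, thread id, command, argument.
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+(Connect|Init DB|Query|Quit)\s*(.*)$")
DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")
LOGIN = re.compile(r"^([^@\s]+)@(\S+) on\b")
SELECT_FROM = re.compile(r"^\s*SELECT\b.*?\bFROM\s+(?:`?(\w+)`?\.)?`?\w+`?", re.I)
CREATE = re.compile(
    r"^\s*CREATE\s+(?:DATABASE|SCHEMA|TABLE)\s+(?:IF\s+NOT\s+EXISTS\s+)?([`\w.]+)", re.I)
DROP_DB = re.compile(r"^\s*DROP\s+(?:DATABASE|SCHEMA)\s+(?:IF\s+EXISTS\s+)?`?(\w+)`?", re.I)

# Object names the article reports for the ransom note.
NOTE_NAMES = {"PLEASE_READ", "WARNING"}


def triage(log_text):
    """Return {thread_id: session} for sessions that left a note object or dropped a database."""
    failed = Counter()   # (user, host) -> denied logins seen so far
    sessions = {}        # thread id -> state of an authenticated session
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        _ts, tid, cmd, arg = m.groups()
        if cmd == "Connect":
            denied = DENIED.search(arg)
            login = LOGIN.match(arg)
            if denied:
                failed[denied.groups()] += 1
                sessions.pop(tid, None)   # this connection never authenticated
            elif login:
                user, host = login.groups()
                sessions[tid] = {
                    "user": user, "host": host,
                    "failed_before_login": failed[(user, host)],
                    "current_db": None, "read": set(),
                    "note_objects": [], "dropped": {},
                }
            continue
        s = sessions.get(tid)
        if s is None:
            continue
        if cmd == "Init DB":              # logged when the client issues USE <db>
            s["current_db"] = arg.strip().strip("`").lower()
        elif cmd == "Query":
            sel, cre, drop = SELECT_FROM.match(arg), CREATE.match(arg), DROP_DB.match(arg)
            if sel:                       # evidence that table contents were read
                db = (sel.group(1) or s["current_db"] or "").lower()
                if db:
                    s["read"].add(db)
            if cre:
                parts = {p.strip("`").upper() for p in cre.group(1).split(".")}
                if parts & NOTE_NAMES:
                    s["note_objects"].append(cre.group(1))
            if drop:
                db = drop.group(1).lower()
                s["dropped"][db] = ("read_then_dropped" if db in s["read"]
                                    else "dropped_without_read")
    return {t: s for t, s in sessions.items() if s["note_objects"] or s["dropped"]}


# Constructed sample log (not real data); the source address is the one named in the article.
SAMPLE_LOG = "\n".join([
    "2017-02-12T09:14:05.000000Z\t   11 Connect\tAccess denied for user 'root'@'109.236.88.20' (using password: YES)",
    "2017-02-12T09:14:06.000000Z\t   12 Connect\tAccess denied for user 'root'@'109.236.88.20' (using password: YES)",
    "2017-02-12T09:14:07.000000Z\t   13 Connect\tAccess denied for user 'root'@'109.236.88.20' (using password: YES)",
    "2017-02-12T09:14:09.000000Z\t   14 Connect\troot@109.236.88.20 on  using TCP/IP",
    "2017-02-12T09:14:09.200000Z\t   14 Query\tSHOW DATABASES",
    "2017-02-12T09:14:09.400000Z\t   14 Init DB\tshop",
    "2017-02-12T09:14:10.000000Z\t   14 Query\tSELECT /*!40001 SQL_NO_CACHE */ * FROM `orders`",
    "2017-02-12T09:14:12.000000Z\t   14 Query\tCREATE DATABASE PLEASE_READ",
    "2017-02-12T09:14:12.500000Z\t   14 Query\tCREATE TABLE PLEASE_READ.WARNING (id INT, warning TEXT)",
    "2017-02-12T09:14:13.000000Z\t   14 Query\tDROP DATABASE shop",
    "2017-02-12T09:14:13.500000Z\t   14 Query\tDROP DATABASE blog",
    "2017-02-12T09:14:14.000000Z\t   14 Quit\t",
    "2017-02-12T09:20:00.000000Z\t   20 Connect\tapp@10.0.0.5 on shop using TCP/IP",
    "2017-02-12T09:20:01.000000Z\t   20 Query\tSELECT * FROM shop.orders WHERE id = 1",
])

if __name__ == "__main__":
    for tid, s in triage(SAMPLE_LOG).items():
        print(tid, s["user"], s["host"], s["failed_before_login"], s["note_objects"], s["dropped"])
```

A "read_then_dropped" verdict only shows that table contents were read in that session before the drop, which is consistent with a dump but does not prove the attacker kept the data; "dropped_without_read" matches the cases the article describes where databases were deleted without being dumped.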
The murky ecosystem of ransomware payments comes into focus in new research led by Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering. Ransomware attacks, which encrypt and hold a computer user's files hostage in exchange for payment, extort millions of dollars from individuals each month, and comprise one of the fastest-growing forms of cyber attack. In a paper slated for presentation at the IEEE Symposium on Security and Privacy in May, McCoy and a team including researchers from the University of California, San Diego; Princeton University; Google; and the blockchain analytics firm Chainalysis provide the first detailed account of the ransomware payment ecosystem, from initial attack to cash-out. Key findings include the discovery that South Koreans are disproportionately impacted by ransomware campaigns, with analysis revealing that $2.5 million of the $16 million in ransomware payments tracked by the researchers was paid in South Korea. The paper's authors call for additional research to determine the reason that so many South Koreans are victimized and how they can be protected. The team also found that most ransomware operators used a Russian bitcoin exchange, BTC-E, to convert bitcoin to fiat currencies. (BTC-E has since been seized by the FBI.) The researchers estimate that at least 20,000 individuals made ransomware payments over the past two years, at a confirmed cost of $16 million, although the actual payment total is likely far higher. McCoy and his collaborators took advantage of the public nature of the bitcoin blockchain technology to trace ransom payments over a two-year period.
Bitcoins are the most common currency of ransomware payments, and because most victims do not own them, the initial bitcoin purchase provides a starting point for tracking payments. Each ransomware victim is often given a unique payment address that directs to a bitcoin wallet where the ransom is collected. The research team tapped public reports of ransomware attacks to identify these addresses and correlate them with blockchain transactions. To boost the number of transactions available for analysis, the team also executed real ransomware binaries in a controlled experimental environment, essentially becoming victims themselves and making micropayments to real ransom wallets in order to follow the bitcoin trail. "Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically, and by injecting a little bit of our own money into the larger flow we could identify those central accounts, see the other payments flowing in, and begin to understand the number of victims and the amount of money being collected," McCoy said. The research team acknowledged that ethical issues prevent exploration of certain aspects of the ransomware ecosystem, including determining the percentage of victims who actually pay to recover their files. McCoy explained that despite having the ability to check for activity connected to a specific payment address, doing so would effectively "start the clock" and potentially cause victims to either pay a double ransom or lose the opportunity to recover their files altogether. Criminal use of cryptocurrencies is one of McCoy's research focuses. He and fellow researchers previously tracked human traffickers through their use of Bitcoin advertising.
DDoS extortionists have already pounced on the Memcached DDoS attack vector in attempts to extract payments from attacked companies. Akamai revealed earlier today that it detected DDoS attacks executed via Memcached servers that were different from others. Instead of blasting targets with UDP packets containing random data, one group of attackers is leaving short messages inside these packets. This one group is asking victims to pay 50 Monero (around $17,000) to a Monero address. The group doesn't say it will stop the attack but only implies it. Such attacks first appeared in 2015 and were initially referred to as DDoS-for-Bitcoin after the DD4BTC group that pioneered such tactics. The group would send emails to various companies, threatening to launch DDoS attacks unless they paid a ransom fee. Even though the group's members were arrested, other factions appeared in subsequent years, using unique names such as Armada Collective or XMR Squad, but also mimicking hacker groups such as Anonymous or LulzSec. The tactic, now known as ransom DDoS (RDoS), has become quite popular among cybercriminal groups, and there have been too many RDoS campaigns to remember in the past years. In most past cases, attackers didn't have the firepower to launch DDoS attacks if victims ignored the ransom demand. But the Memcached-based DDoS extortions are different. Attackers clearly have the DDoS cannon to take down companies, mainly due to the large number of unsecured Memcached servers they can abuse to launch these attacks. Victims are also more likely to pay, seeing that they're under a heavy attack and this isn't just an empty threat.
But according to Daniel Smith, a Radware security researcher who spoke with Bleeping Computer, paying the Monero ransom won't help companies at all. That's because attackers have used the same Monero address for multiple DDoS attacks against different targets. Here's the same Monero address from the Akamai attacks, but spotted by a different security researcher. Attackers wouldn't have the ability to tell which of the multiple targets they attacked paid the ransom. The general consensus is that this group is using a carpet bombing technique, hitting as many targets as possible for short bursts, hoping to scare one into paying. "Multiple targets are sent the same message in hopes that any of them will pay the ransom," Akamai said in a report today, echoing Smith's recommendation not to pay the ransom. "There is no sign to suggest that they are actively tracking the targets' reaction to the attacks, no contact information, no detailed instructions on payment notification," Akamai added. "If a victim were to deposit the requested amount into the wallet, we doubt the attackers would even know which victim the payment originated from, let alone stop their attacks as a result."
East Ohio Regional Hospital in Harper's Ferry, Ohio, and Ohio Valley Medical Center in Wheeling, West Virginia, were both affected by ransomware on the last weekend of November. [1] Due to this incident, ambulance patients were transported to other hospitals nearby and emergency room admissions were limited to walk-up patients only. Due to the attack, employees needed to switch to paper charting and various systems were taken offline immediately. This fairly quick response limited the ransomware damage and prevented a possible data breach. [2] According to Karin Janiszewski, director of marketing and public relations for EORH and OVMC, the hospitals reacted as soon as possible and, at the moment of writing, they are already using the computer network. On the following Saturday, Karin Janiszewski stated: "There has been no patient information breach. The hospitals are switching to paper charting to ensure patient data protection. We have redundant security, so the attack was able to get through the first layer but not the second layer."
IT staff dealt with the outbreak to avoid a data breach
When it comes to malware attacks on large companies, the loss of personal customer data is the worst thing that can happen. It seems that this time the situation was handled quickly enough to prevent sensitive data from being compromised. The IT team took several computers offline, and, because of this, most of the clinical operations were transferred to other units, and emergency patients were automatically taken to different locations. On Saturday, when the incidents occurred, hospital officials stated that the staff was ready to take everything on paper until the downtime was over. Also, since this is a ransomware-type malware attack, hackers demand a ransom. However, officials did not opt to make the payment.
No matter how big or how small the ransom demand is, officials shouldn't even consider making the payment because it may lead to system damage or permanent data loss. [3] In the United States, data breaches and malware attacks on huge organizations have become a common thing, especially in the healthcare industry. In 2016, Hollywood Presbyterian Hospital paid the demanded ransom in Bitcoin after having its data encrypted. [4] The infection was widespread and the attack cost around $17,000. Another incident that resulted in a ransom payment was spotted at Kansas Heart Hospital, also in 2016. Unfortunately, after the payment was made, attackers disappeared, ignoring the promise to decrypt locked files. They sent yet another ransom demand instead and asked for a bigger amount of money. Earlier this year, an Indiana-based hospital was infected with SamSam, an infamous ransomware virus that relies on highly personalized infection tactics. After considering different scenarios, the hospital decided to pay 4 BTC (equal to $45,000 at that time) to the ransomware developers to get the private keys needed for file recovery. The ransomware developers gave what they promised.
E-Sports Entertainment Association (ESEA), one of the largest competitive video gaming communities on the planet, was hacked last December. As a result, a database containing 1.5 million player profiles was compromised. On Sunday, ESEA posted a message to Twitter, reminding players of the warning issued on December 30, 2016, three days after they were informed of the hack. Sunday’s message said the leak of player information was expected, but they’ve not confirmed if the leaked records came from their systems. Late Saturday evening, breach notification service LeakedSource announced the addition of 1,503,707 ESEA records to their database. When asked for additional information by Salted Hash, a LeakedSource spokesperson shared the database schema, as well as sample records pulled at random from the database. However, in all, there are more than 90 fields associated with a given player record in the ESEA database. While the passwords are safe, the other data points in the leaked records could be used to construct a number of socially-based attacks, including phishing. Players on Reddit have confirmed their information was discovered in the leaked data. A similar confirmation was made by Twitch’s Jimmy Whisenhunt on Twitter. The LeakedSource spokesperson said that the ESEA hack was part of a ransom scheme, as the hacker responsible demanded $50,000 in payment. In exchange for meeting their demands, the hacker would keep silent about the ESEA hack and help the organization address the security flaw that made it possible. In their previous notification, ESEA said they learned about the incident on December 27, but made no mention of any related extortion attempts.
The organization reset passwords, multi-factor authentication tokens, and security questions as part of their recovery efforts. We’ve reached out to confirm the extortion attempt claims made by the hacker, as well as the total count for players affected by the data breach. In an emailed statement, a spokesperson for ESL Gaming (parent company to Turtle Entertainment) confirmed that the hacker did in fact attempt to extort money, but the sum demanded was "substantially higher" than the $50,000 previously mentioned. The company refused to give in to the extortion demands, and went public with details before the hacker could publish anything. The statement also confirms the affected user count of 1.5 million, and stressed the point that ESEA passwords were hashed with bcrypt. When it comes to the profile fields, where more than 90 data points are listed, ESL Gaming says those are optional data points for profile settings. "We take the security and integrity of customer details very seriously and we are doing everything in our power to investigate this incident, establish precisely what has been taken, and make changes to our systems to mitigate any further breaches. The authorities (FBI) were also informed and we will do everything possible to facilitate the investigation of this attack," the message from ESL Gaming concluded. "Based on the proof provided to us by the threat actor of possession of the stolen data, we were able to identify the scope of the data that was accessed. While the primary concern and focus was on personal data, some of ESEA’s internal infrastructure including configuration settings of game server hardware specifications, as well as game server IPs was also accessible. Due to the ongoing investigation, we prioritized customer user data first," the statement explains.
In the days that followed that initial contact, ESEA worked to secure their systems, and the hacker kept making demands. On January 7, ESEA learned the hacker also exfiltrated intellectual property from the compromised servers
On March 24, 2017, a member of a top-tier Russian cyber criminal forum posted an advertisement for “Fatboy,” a new ransomware-as-a-service (RaaS) product. The advertiser, operating under the username “polnowz,” describes Fatboy as a partnership, offering support and guidance through Jabber. While the RaaS has not yet received any endorsements or feedback from the hacking community, on March 26, “ilcn,” a reputable member of the forum, offered to assist polnowz with translation in the product. The Fatboy ransomware is dynamic in the way it targets its victims; the amount of ransom demanded is determined by the victim’s location. According to polnowz, Fatboy uses a payment scheme based on The Economist’s Big Mac Index (cited as the “McDonald’s Index” in the product description), meaning that victims in areas with a higher cost of living will be charged more to have their data decrypted. Purchasers of the Fatboy RaaS partner directly with the author of the malware and not through a third-party vendor. Potential partners also receive payment instantly when a victim pays their ransom, adding another level of transparency to this partnership. Since February 7, 2017, the author of the Fatboy RaaS has purportedly earned at least $5,321 USD from their own ransomware campaigns using this product. A computer infected with the Fatboy malware will display the above message, explaining that the user’s files have been encrypted, stating the ransom amount, and warning the user against interfering with the ransomware. The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers. Additionally, the automatic price adjustment feature shows an interest in customizing malware based on the targeted victim.
Organizations should be aware of the adaptability of Fatboy, as well as other ransomware products, and continuously update their cyber security strategies as these threats evolve.
The ransomware attack targeting global hospitals, governments and telecoms using a leaked National Security Agency (NSA) exploit may be the result of a "targeted attack gone horribly wrong", according to a team of well-regarded security researchers. Experts from Recorded Future, a threat intelligence company headquartered in the US, say analysis of the hackers' bitcoin addresses – set up to receive money from infected computers – indicates the attackers were unprepared for such a widespread incident. "A part of a carefully planned large-scale ransomware attack requires a separate bitcoin address for each victim, guaranteeing the miscreant controlling the operation would later be able to identify the payment and decrypt the correct system," wrote security expert John Wetzel in a blog post. He said in the WannaCry ransomware campaign, however, only a "handful" of wallets were used. "Such unusual behaviour suggests the current epidemic was never planned by criminals, and resulted from targeted attacks going horribly wrong," he added. At the time of writing, the criminals' bitcoin wallets have received over $40,000 worth of bitcoin, a type of cryptocurrency. All funds remain untouched. The security firm said the inaction is likely due to "intense scrutiny" of police and investigators. "Unintended or not, the scale and scope of damage in this attack is unprecedented. Criminals will utilise any method available in their pursuit of monetary gain. While the gain in this attack was limited, the damage was massive, and possibly avoidable," Wetzel noted. Recorded Future is just one of many firms probing the malware – which was exploiting the same Microsoft Windows vulnerability as a leaked NSA exploit called EternalBlue.
The bug, patched in March 2017, affects SMB (Server Message Block), experts found. Microsoft has been outspoken on the topic of the NSA storing vulnerabilities for its software. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," said the firm's president, Brad Smith, on 14 May. "We expect to see further attacks from variants of this malware," warned Recorded Future, adding: "The best advice is to update your antivirus on endpoints, to ensure that all Windows systems are fully patched, to configure firewalls to block access to SMB and RDP ports." On 15 May, as the UK working week was set to begin, fears mounted that a second round of infections could take place. According to Kaspersky Lab's Costin Raiu, the malware was still in circulation, but appeared to be less widespread than previously predicted. "Kaspersky Lab has noted about 500 new attempted WannaCry attacks across its customer base – by comparison, on 12 May (Friday) there were six times as many attempts during the first hour alone. This suggests the infection may be coming under control," Raiu said. Security experts, including MalwareTech and Matt Suiche, worked through the weekend (13-14 May) to locate so-called "kill-switches" that could curb the spread of the ransomware. At the same time, law enforcement around the world launched investigations into the incident.
Cyber security researchers on Monday pointed to code in a "ransomware" attack that could indicate a link to North Korea. Symantec and Kaspersky Lab each cited code that was previously used by a hacker collective known as the Lazarus Group, which was behind the high-profile 2014 hack of Sony that was also blamed on North Korea. But the security firms cautioned that it is too early to make any definitive conclusions, in part because the code could have been merely copied by someone else for use in the current event. The effects of the ransomware attack appeared to ease Monday, although thousands more computers, mostly in Asia, were hit as people signed in at work for the first time since the infections spread to 150 countries late last week. Health officials in Britain, where surgeries and doctors' appointments in its national health care system had been severely impacted Friday, were still having problems Monday. But health minister Jeremy Hunt said it was "encouraging" that a second wave of attacks had not materialized. He said "the level of criminal activity is at the lower end of the range that we had anticipated." In the United States, Tom Bossert, a homeland security adviser to President Donald Trump, told the ABC television network the global cybersecurity attack is something that "for right now, we've got under control." He told reporters at the White House that "less than $70,000" has been paid as ransom to those carrying out the attacks. He urged all computer users to make sure they install software patches to protect themselves against further cyberattacks. In the television interview, Bossert described the malware that paralyzed 200,000 computers running factories, banks, government agencies, hospitals and transportation systems across the globe as an "extremely serious threat."
Cybersecurity experts say the hackers behind the "WannaCry" ransomware, who demanded $300 payments to decrypt files locked by the malware, used a vulnerability that came from U.S. government documents leaked online. The attacks exploited known vulnerabilities in older Microsoft computer operating systems. During the weekend, Microsoft president Brad Smith said the clandestine U.S. National Security Agency had developed the code used in the attack. Bossert said "criminals," not the U.S. government, are responsible for the attacks. Like Bossert, experts believe Microsoft's security patch released in March should protect networks if companies and individual users install it. Russian President Vladimir Putin said his country had nothing to do with the attack and cited the Microsoft statement blaming the NSA for causing the worldwide cyberattack. "A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators," Putin said while attending an international summit in Beijing. He said that while there was "no significant damage" to Russian institutions from the cyberattack, the incident was "worrisome." "There is nothing good in this and calls for concern," he said. Even though there appeared to be a diminished number of attacks Monday, computer outages still affected segments of life across the globe, especially in Asia, where Friday's attacks occurred after business hours.
China
China said 29,000 institutions had been affected, along with hundreds of thousands of devices. Japan's computer emergency response team said 2,000 computers at 600 locations were affected there. Universities and other educational institutions appeared to be the hardest hit in China.
China's Xinhua News Agency said railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services also were affected. Elsewhere, Britain said seven of the 47 trusts that run its national health care system were still affected, with some surgeries and outpatient appointments canceled as a result. In France, auto manufacturer Renault said one of its plants that employs 3,500 workers stayed shut Monday as technicians dealt with the aftermath of the Friday attacks.
Security patches
Computer security experts have assured individual computer users who have kept their operating systems updated that they are relatively safe, but urged companies and governments to make sure they apply security patches or upgrade to newer systems. They advised those whose networks have been effectively shut down by the ransomware attack not to make the payment demanded, the equivalent of $300, paid in the digital currency bitcoin. However, the authors of the "WannaCry" ransomware attack told their victims the amount they must pay will double if they do not comply within three days of the original infection, by Monday in most cases. The hackers warned that they will delete all files on infected systems if no payment is received within seven days.
Since last Friday, over 200,000 victims in 150 countries have been hit by a massive, international ransomware cyberattack called WannaCry. Ransomware is a type of malware that works by seizing control of and blocking access to a computer’s files, programs, and operations. Users are then informed that they must pay a certain amount in order to regain access to their files, with the threat of permanently losing all of their data if they choose not to pay. In the WannaCry attack, users were given three days to make the payment before the fee increased, and seven days before the files would be lost forever. The massive scope and potential financial impact of the WannaCry attack has understandably caused a lot of panic, and companies and individuals alike have been rushing to protect their devices. However, this frenzy has opened up new damaging routes for fraud. One of these attack routes is through mobile applications that have been found on third-party application stores. There are various mobile applications advertising that they can be used to protect users from the WannaCry ransomware. However, our analysts found that some of these apps contained adware meant to infect the devices they are downloaded onto. Rather than protecting users’ devices, they are causing them harm. The adware found is classified as Adware.mobidash, which is a module that attackers used to include in Android games and apps to monetize them. This adware has the capability to load webpages with ads, show other messages in the status bar, and modify the DNS server. This is quite dangerous, as the real risk lies in the fact that the end user’s device is performing unwanted activity without their authorization.
To hide this dangerous behavior, the adware doesn’t start to perform its malicious activity immediately; instead, it lies latent in the device before activating after a short period of time. We have blogged a lot about digital trust, fake news, and all sorts of tricks that criminals use to get the attention of consumers to get them to click on a link. Yet we continue to be amazed by how sophisticated the manipulation of the human factor has become. It will only be a matter of time until we see the WannaCry malware expand further to trick end users into installing a patch that allegedly prevents the new massive ransomware attack. However, this time it will not be a patch, but a new version or variant of a financially motivated malware.
Disney boss Bob Iger has said the mass media giant is being targeted by hackers who are trying to extort money from the firm by threatening to release a film they claim to have stolen. The CEO of the entertainment behemoth told ABC employees of the stand-off at a town hall meeting in New York, multiple sources told The Hollywood Reporter. The hackers are said to have demanded a substantial payment in Bitcoin, and threatened to release five minutes of the unnamed film and then subsequent 20-minute chunks if their demands aren’t met. There are rumors circulating that the film in question could be upcoming blockbuster Pirates of the Caribbean: Dead Men Tell No Tales, although the hackers are running out of time if so as it’s due to open next Friday. The news calls to mind a similar incident last month when a hacker uploaded the upcoming series of Netflix prison drama Orange is the New Black to The Pirate Bay after the streaming giant refused to pay up. In that instance, Netflix claimed that “a production vendor used by several major TV studios had its security compromised”, highlighting the need for organizations in the entertainment sector to revisit their cyber-defenses and those of their partners. Mark James, security specialist at Eset, argued that anything of high value will be a target for thieves, be it digital or physical. “Disney has refused to pay the ransom and rightly so. If you’re going to download the film from an unofficial or dodgy source anyway then a month before or a month after is not going to make much of a difference,” he added. “The film industry has been plagued with piracy issues as early as the 1960s and this isn't going to change anytime soon. Paying the ransom or indeed any ransom is generally frowned upon for many reasons.
Funding other criminal activity, rewarding the bad guys or funding future attacks are all good reasons to not pay as the chances are it’s going to get released anyway.”
Hackers that tried to extort money from Disney by threatening to make public an upcoming movie ahead of its release date appear to have been bluffing, the firm’s boss has revealed. Chairman and CEO Bob Iger said the media giant had, to its knowledge, not been hacked. “We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required,” he told Yahoo Finance. “We don’t believe that it was real and nothing has happened.” The hackers apparently demanded a large payment in Bitcoin, and threatened to release five minutes of the stolen film followed by subsequent 20-minute instalments if their demands weren’t met. Disney likely took the threat seriously given that a similar incident occurred last month when a hacker uploaded the upcoming series of Netflix prison drama Orange is the New Black to The Pirate Bay after the streaming giant refused to pay a ransom. In that case, a third-party production vendor used by the studios was to blame, after its security was compromised by the hacker. Iger acknowledged the elevation of cybersecurity to a “front burner issue.” “Technology is an enabler to run our businesses more securely, whether that’s protecting our intellectual property or protecting our guests or employees around the world,” he argued. Unfortunately, many boardrooms don’t share Iger’s enthusiasm for cybersecurity-related issues. Just 5% of FTSE 100 companies claim to have a technology expert on the board, despite most of them (87%) identifying cybersecurity as a major risk to the firm, according to a recent Deloitte report. Yet cybersecurity is something the C-level need to get urgently up to speed with, as increasing numbers are targeted by whalers.
Just this month, Barclays CEO Jes Staley was tricked into emailing someone pretending to be the bank’s chairman, John McFarlane.
Earlier this month, Salted Hash reported on a surge in attacks against publicly accessible MongoDB installations. Since January 3, the day of that first report, the number of victims has climbed from about 200 databases to more than 40,000. In addition to MongoDB, those responsible for the attacks have started targeting Elasticsearch and CouchDB. No matter the platform being targeted, the message to the victim is the same: send a small Bitcoin payment to the listed address, or forever lose access to your files. The problem is, some of the more recent attacks show evidence the database was erased. So even if the ransom is paid, the data is lost for good. The researchers tracking these attacks are aware of at least four individuals who delete the databases entirely after running a list command. Once deleted, they’ll leave the ransom note and log off the system. So far, these individuals have used more than a dozen Bitcoin wallet addresses, and nine different email accounts. The tracking document is available on Google Docs. Only one of those victims had backups to use when the ransom payment failed. Soon, criminals started going after other development platforms, such as Elasticsearch - a Java-based search engine that's popular in enterprise environments. Then they moved on to public-facing Hadoop and CouchDB deployments.