Ransomware has proven that it is not going away, and hackers are continuing to develop and invest in new strains and delivery methods. This week, a spam campaign known for spreading Cerber ransomware has changed its payload just as a new ransomware-as-a-service offering popped up. The first strain, dubbed Sage, is a variant of CryLocker ransomware that requests $2,000 in Bitcoin and appends .sage to encrypted files.
U.S. authorities are investigating whether Yahoo’s recent data breaches should have been reported sooner to investors, potentially setting a major precedent for when companies are required to disclose a hack in the future. The investigation will most likely center on the company’s 2014 breach, which took two years to disclose.
More than 50 percent of small and midsized businesses have fallen victim to ransomware, and of those, 48 percent paid a ransom, according to a survey released today by Ponemon Institute and Carbonite. The average company had four ransomware attacks last year, paid an average ransom of $2,500 per incident, and spent 42 hours dealing with the attack.
Two researchers from University College London discovered a sizable botnet they’ve dubbed the Star Wars botnet, consisting of 350,000 bots that could be used to spread spam or malicious links, spread phony social media trending topics and attempt to influence public opinion. The botnet, which has remained dormant since 2013, is reportedly tens of times larger than any public collection of Twitter bots.
A new and evasive mobile ransomware strain called Charger has appeared on the Google Play store. The malware was bundled with an SMS-snooping app called EnergyRescue that passed itself off as a battery management utility, according to Check Point security researchers. The malicious app was found three weeks ago and has since been removed from Google Play. The Charger ransomware does not encrypt data on the targeted devices, but locks the phone and displays a ransom note demanding money.
A new version of the SpyNote Trojan is designed to trick Android users into thinking it’s a legitimate Netflix application. Once installed, the remote access Trojan essentially hands control of the device over to the hacker, enabling them to copy files, view contacts, and eavesdrop on the victim. Zscaler discovered the Trojan, which works through the app’s command-and-control server and uninstalls antivirus protections a user may have set up on the device, in hopes of evading detection.