Kaspersky cybersecurity experts: The North Korea APT’s malware, a backdoor, moves laterally through infected networks and extracts confidential information.
Krebs on Security: Ransomware gangs now outing victim businesses that don’t pay up
Cybercriminals are increasing the pressure on ransomware victims by threatening to publish stolen data if they refuse to pay, Krebs on Security reports. According to the cybersecurity publication, one gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors. The message displayed at the top of the Maze Ransomware public shaming site. Less than 48 hours ago, the cybercriminals behind the malware strain erected a Web site on the Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malicious code that have declined to pay ransoms. “Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!”
Maze ransomware authors created a public Web site with malware victims’ info
KrebsOnSecurity was able to verify that at least one of the companies listed on the cybercrime site indeed recently suffered from a Maze ransomware attack that has not yet been reported in the news media. The information disclosed for each malware victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as well as the IP addresses and machine names of the servers infected by the malicious code. The move by malware authors comes just days after the cybercriminals responsible for managing the “Sodinokibi/rEvil” ransomware empire posted on a popular dark Web forum that they also plan to start using stolen files and data as public leverage to get victims to pay ransoms.
Lawrence Abrams: Ransomware attacks are now data breaches
According to Lawrence Abrams, founder of the cybersecurity media outlet BleepingComputer, “Ransomware attacks are now data breaches. During ransomware attacks, some threat actors have told companies that they are familiar with internal company secrets after reading the company’s files. Even though this should be considered a data breach, many ransomware victims simply swept it under the rug in the hopes that nobody would ever find out. Now that ransomware operators are releasing victim’s data, this will need to change and companies will have to treat these attacks like data breaches.”