Cyber Security and Information Systems Information Analysis Center
Ransomware is computer malware that installs covertly on a victim's device and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim's data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim's data, until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
Recently, the Wordfence team has seen ransomware being used in attacks targeting WordPress. We are currently tracking a ransomware variant we are calling "EV ransomware." The following post describes what this ransomware does and how to protect yourself from being hit by this attack. Read More
Drug and vaccine maker Merck & Co Inc (MRK.N) said it suffered a worldwide disruption of its operations when it was the victim of an international cyber attack in June, halting production of its drugs, which will hurt its profits for the rest of the year. The company said it does not yet understand the full magnitude of the impact as it is in the Read More
If one is looking for evidence that the Defense Department has gone some distance toward better managing and defending its famously decentralized collection of thousands of disparate IT networks, the aftermath of this past spring’s WannaCry and Petya ransomware attacks is a good place to start. Although they did severe damage to hundreds of thousands of Read More
US-based and international courier delivery service FedEx admitted on Monday that some of its systems were significantly affected by the NotPetya ransomware, and some of the damage may be permanent. FedEx was just one of the many businesses across the world hit by the NotPetya ransomware, a cyber-weapon designed to attack organizations in the Ukraine, but Read More
We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim's private information. LeakerLocker claims to have made an unauthorized backup of a phone's sensitive information that could be leaked to a user's contacts unless it receives "a modest Read More
The ransomware attacked more than 153 Linux servers that South Korean web provider Nayana hosted, locking up more than 3,400 websites on June 10. In Nayana's first announcement a few days later, it said the hackers demanded 550 bitcoins to free up all the servers -- about $1.62 million. Read More
Cyber security firm Symantec said on Monday it was "highly likely" a hacking group affiliated with North Korea was behind the WannaCry cyber attack this month that infected more than 300,000 computers worldwide and disrupted hospitals, banks and schools across the globe. Read More
The Split Tunnel SMTP Exploit allows an attacker to bypass an organization’s email security gateway and inject messages with malicious payloads directly into the victim’s email server. This exploit targets a newly discovered vulnerability in popular Email Encryption appliances as a backdoor. Read More
A Department of Homeland Security official told Reuters earlier this week that some U.S. critical infrastructure operators have been affected by the recent WannaCry ransomware campaign. Read More
The emerging threat becomes clear: criminals with no programming knowledge are now able to target any organization or person with minimal effort. And what better way to maximize the payout than to target those industries where lives immediately depend on network connected devices that can be ransomed? Read More
The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Information Assurance, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More
| Phone: | 800-214-7921 |
| Email: | i...@csiac.org |
| Address: | 266 Genesee St. Utica, NY 13502 |
