Ransomware

Ryuk’s decryptor tool — provided by the threat actors behind the ransomware to victims who have paid ransom demands — could actually cause data loss instead of reinstating file access to users.

The AnteFrigus ransomware is delivered via a malvertising campaign to lure victims to the RIG exploit kit server, while the PureLocker ransomware, has been observed to launch targeted attacks against enterprise production servers.

Another company has disclosed that that they were hit by a ransomware attack, this time involving the encryption of the customer data of SmarterASP.net, a popular hosting service provider for ASP.NET.

Ransomware made headlines again, starting with a campaign that hit companies in Spain, including Cadena SER, the country’s largest radio network. In another part of the globe, threat actors managed to infect government systems in Nunavut.

A report highlights how “access-as-a-service” providers and ransomware groups have come together to compromise and victimize more targets, mostly corporate networks.

Three hospitals of the DCH Health System were hit by a ransomware attack on October 1, forcing the medical institutions to turn away noncritical patients while they work to securely restore their affected IT systems.

A new variant of HDDCryptor aka Mamba was uncovered recently. The ransomware has been known to use DiskCryptor to encrypt disk and network files and overwrite the Master Boot Record (MBR).

A new family of malware with an apparent connection to the notorious Ryuk ransomware was uncovered — but instead of encrypting files, they were found targeting government-, military-, and finance-related files.

Dubai and Taiwan were hit by two separate ransomware attacks. Several hospitals in Taiwan and a Dubai-based contracting firm were affected.