Personal computers and devices aren’t the only targets for ransomware authors. Their methods have evolved to target government offices and profitable organizations, forcing them to rethink their cybersecurity mitigation plans.

 

Blackheart Records Data Left Exposed Online

Recently, it has been discovered that a large, unsecured database containing sensitive information on several prominent recording artists from Blackheart Records was left publicly available for an undetermined amount of time. The data that was found included passport scans, banking information, and other sensitive login information for Joan Jett and several of her bandmates. While the database has since been taken offline, the researchers state that there are still hundreds of servers and private machines that use Rsync as a backup, which leaves the server vulnerable.

GoldenEye Ransomware, New Petya Variant

In the past week, a new variant of the Petya ransomware has been discovered in the wild. Going by the name ‘GoldenEye’, the variant runs the file encryption prior to gaining administrative privileges to modify the MBR (Master Boot Record), unlike Petya, which would attempt the MBR modification first. While encrypting the hard drive, ‘GoldenEye’ displays a fake ChkDsk screen to placate the user until the process is complete. Currently, its main targets appear to be German-speaking users, and it is primarily spread through spam email campaigns.

Stegano Embeds Malicious Code in Banner Ads

In the past few months, researchers have been seeing a steady rise in the malicious ad campaign dubbed ‘Stegano’, which places malicious code into the parameters controlling transparency for pop-up banner ads. This recent campaign could potentially lead to millions of end-users becoming infected, as the altered ads have been found on many high-traffic news sites that typically have higher levels of security. Once the code ensures the system is running Internet Explorer, it begins redirecting the victim to sites hosting Adobe Flash exploits and attempts to infect and gather sensitive data. Fortunately for many users, several of the Flash exploits have already been resolved, which will lead to fewer infections.

Pennsylvania Prosecutor’s Office Pays Ransom

While the Avalanche Network was being dismantled by cooperating government agencies last week, the prosecutor’s office in Pennsylvania was recovering from a cyber attack which demanded a $1,400 bitcoin ransom payment. The attack was linked to a 2015 employee breach, but the aftereffects are still being seen after the office decided to pay the ransom. In the six-year span that the Avalanche group operated, it is credited with infecting over half a million computers across nearly 200 countries.

Indiana County Out $200,000 After Ransomware Attack

Recently, it was announced that Madison County, Indiana spent a total of $200,000 in the wake of a ransomware attack on several county offices. With a ransom of $21,000 being paid out to the attackers, the additional expenditures were to recover their infected systems and provide better long-term security, including a backup solution for their data. Even with a high ransom, it’s not surprising to see the costs continue to rise as the victims scramble to rebuild and begin the hard task of creating and implementing a cybersecurity mitigation plan.

Connor Madsen

About the Author

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.