During trend Micro researchers monitoring of the ransomware threat landscape, they discovered samples with infection chain characteristics and payloads that can be attributed to FOG ransomware.
A total of nine samples were uploaded to VirusTotal between March 27 and April 2, which the researchers recently discovered were multiple ransomware binaries with .flocked extension and readme.txt notes. Trend Micro observed that these samples initially dropped a note containing key names related to the Department of Government Efficiency (DOGE), an initiative of the current US administration that has been making headlines, recently about a member who allegedly assisted a cybercrime group involved in data theft and cyberstalking an agent of the Federal Bureau of Investigation (FBI). The note also contains instructions to spread the ransomware payload to other computers by pasting the provided code in the note.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Dark web vendors are selling remote access to corporate PCs for as little as $3
October 24, 2017
Dark Web marketplaces are selling remote access to desktop PCs for as little as $3, allowing criminals to spy on firms without resorting to malware. The sale of remote access credentials is allowing attackers to steal data from organisations in healthcare, education, government, retail, and other sectors. In Window PCs, Microsoft’s Remote Desktop Protocol (RDP) allows individuals ...
- Latest Sofacy Campaign Targeting Security Researchers
October 23, 2017
Sofacy, the Russian-speaking APT group connected to interference in the 2016 U.S. presidential election, has been targeting researchers, admins and others interested in cybersecurity. Cisco’s security research arm Talos published a report on Sunday describing a campaign linked to Sofacy, also known as Fancy Bear and APT 28 among other names, using a decoy document related to the CyCon ...
- Hackers race to use Flash exploit before vulnerable systems are patched
October 20, 2017
Hackers are rushing to exploit a zero-day Flash vulnerability to plant surveillance software before organisations have time to update their systems to patch the weakness. Uncovered by researchers at Kaspersky Lab on Monday, the CVE-2017-11292 Adobe Flash vulnerability allows attackers to deploy a vulnerability which can lead to code execution on Windows, Mac, Linux, and Chrome OS systems. The exploit enables ...
- Hackers Take Aim at SSH Keys in New Attacks
October 19, 2017
SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites in search of private keys. Since Monday, security researchers said they have observed a single entity scanning as many as 25,000 systems a day seeking vulnerable SSH keys to be used to compromise websites. “What ...
- Data breach hits 30m South Africans
October 18, 2017
The personal information of about 30 million South Africans has been compromised. This was revealed by Australian-based IT security researcher Troy Hunt. He created the Have I been pwned? platform as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. Following the ...
- Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!
October 17, 2017
Hacking ATM is now easier than ever before. Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy a malware to steal millions in cash from ATMs. Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for ...