RansomHub: New Ransomware has Origins in Older Knight


RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware.

Analysis of the RansomHub payload by Symantec revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. Despite the shared origins, it is unlikely that Knight’s creators are now operating RansomHub.

Source: Symantec

