
In this week’s news, we recognize that money made from malware is allowing threat actors to fine-tune their malware and be more targeted. Ransomware distributors are raising their demands to reflect the value of the data they are holding hostage; GovRat, a malware toolkit, is being sold on the darknet for US $1600; and the latest breach, of thousands of logins for EurekAlert journalists, resulted in the premature release of 2 embargoed news releases. All of these are a result of malware being more valuable than what enterprises are investing in cyber-security.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Targeted Ransomware

Ransomware distribution is not so random anymore. Distributors are fine-tuning who they target, going as far as targeting a specific department within a specific enterprise, which is the new, higher-value route for ransomware distributors.

Why is this significant?

  • The ransomware rampage gripping the finance departments of enterprises large and small is being amplified by the funds that enterprises pay to meet ransom demands. When ransomware hits, enterprises put a monetary value on the data being scrambled and compare it with the ransom demand. In some cases, companies holding data worth millions pay the demand quickly. That also suggests that a company holding data worth millions has an IT team that faces issues with backing up its data.
  • Ransomware running rampant, with victims not being forced to report it, has also given the upper hand to those making the ransom demands.
  • Is this an "it will never happen to us" mentality? It could also be a result of enterprises not having a resource to guide them. Until now: http://ransomwareprevention.com/

Read the full story on KrebsOnSecurity

Interested in ransomware prevention?  Get all the answers to ransomware here - http://ransomwareprevention.com/

Malware

The second version of GovRat is out, and it is concerning researchers more than the first version of the malware.

Why is this significant?

  • GovRat seems to have been around since as early as 2014, but was first detected at the end of 2015. The first version of GovRat was known to steal files and remotely execute commands; it has now evolved to intercept a legitimate download and replace it with the malware.
  • The government is the target.  Apparently, GovRat has infiltrated more than 15 governments worldwide, at least 7 financial institutions and over 100 enterprises.
  • The newer version of the GovRat toolkit is said to be retailing on the darknet for US $1600. Malware that is attacking governments around the world is now more readily available on the darknet, and this availability could potentially increase attacks.

/** enSilo protects against GovRAT out-of-the-box **/

Read the full story on CSO Online

Breach

Login details belonging to thousands of journalists have been compromised in a breach of EurekAlert, a scientific online service that just celebrated 20 years of service.

Why is this significant?

  • EurekAlert is operated by the American Association for the Advancement of Science (AAAS), and is a resource for nearly 12,000 international science reporters worldwide.
  • “EurekAlert holds science-related releases and papers from hundreds of institutions such as the New England Journal of Medicine and the Journal of the American Medical Association, both of which are popular publishers of clinical drug trials.” The cyber-attack resulted in the premature release of 2 embargoed news releases. EurekAlert has gathered 20 years of content, and the integrity of this content is the main concern of AAAS. If clinical drug trial data has been modified in any shape or form and not detected, this could have huge consequences in the medical world.
  • Due to the cyber-attack, the website was taken offline on September 9th for what was reported to be a short period. However, the EurekAlert site still seems to be offline 9 days later.

Read the full story on SC Magazine

**enSilo allows running business as usual, even during an investigation and remediation of attacks by blocking malicious activity in real-time. Read more here**