Posts Tagged ‘ransomware’

Conti ransomware jumps on the data leak hype train

Friday, September 18th, 2020

Conti ransomware, a spinoff and likely heir of the infamous Ryuk, has recently launched a data dump website to take its extortion tactic to the next level.

[Image: Conti.News leak site listing files stolen from a victim]

This move fits the mold of the ongoing trend of pressuring victims into submitting a ransom. As before, this harmful code is being served via TrickBot, a modular banking Trojan that exhibits malware loading properties. It used to be that the Trojan would deploy the Ryuk ransomware as the final-stage payload.

According to security researchers, Ryuk hasn’t been promoted this way since July 2020. Instead, criminals associated with the TrickBot malware distribution network switched to pushing the Conti ransomware.

Conti is a new Ransomware-as-a-Service (RaaS) platform open to a limited cybercriminal audience. It has hired seasoned crooks to spread the file-encrypting threat. The operators get their cut from ransom payments and give the rest to ne’er-do-wells who execute a successful extortion attack.

As per statistics derived from the ransomware identification service “ID Ransomware”, Conti infections have been steadily growing since mid-June 2020. Meanwhile, the propagation of Ryuk has taken a nosedive ever since. The overlapping of these two opposite trends proves the theory that the Ryuk group is now plaguing enterprise networks with the Conti ransomware.

Chinese Authorities Seize Ransomware Creators distributing WannaCry Copycat for Android

Friday, August 4th, 2017

Chinese police caught a pair of young people who spread a type of SLocker Android ransomware that was modified to resemble WannaCry, another ransomware that spread around the globe in the course of May, infecting Windows users.

The two arrests happened at the beginning of June, just several days after infosec specialists from Tencent and Qihoo 360 had discovered the initial attacks.
The ransomware was disguised as a plugin for a widespread and trendy Chinese mobile game called King of Glory.

This WannaCry copycat was derived from a recent version of the SLocker ransomware, an Android virus type which saw a renaissance in the first quarter of 2017.

Law enforcement representatives stated the ransomware authors managed to infect around one hundred user devices. The ransomware's effect was minimal since its creators didn’t possess the expertise and knowledge required for massive distribution. The pair of criminals used hyperlinks on Chinese discussion boards and community forums to distribute their fake King of Glory plugin.

The ransomware authors had a number of opsec slipups and failures that led to their arrests.