Malware Linked to Ryuk Targets Financial & Military Data

Dark Reading

A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information

A new piece of Ryuk Stealer targets government, military and finance sectors

Security Affairs

A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. It is not clear if the malware was developed by the threat actors behind Ryuk Ransomware for data exfiltration.

Texas Government Agencies Hit by Ransomware

Adam Levin

The local governments and agencies from twenty-three Texas towns were hit by a coordinated ransomware campaign last week. Although the DIR has released few details about the ransomware campaign, they did confirm that it originated from a single “threat actor.”

US Govn contractor Electronic Warfare Associates infected with Ryuk ransomware

Security Affairs

The popular US government contractor Electronic Warfare Associates (EWA) has suffered a ransomware attack, the news was reported by ZDNet. Last week, the US government contractor Electronic Warfare Associates (EWA) has suffered a ransomware attack that also infected its web servers.

At least 23 Texas local governments targeted by coordinated ransomware attacks

Security Affairs

At least 23 local governments were impacted by a wave of ransomware attacks that according to the experts are the result of a coordinated effort. Texas is the victim of an ongoing wave of ransomware attacks that are targeting local governments.

Military documents about MQ-9 Reaper drone leaked on dark web

The Security Ledger

Hackers have put up for sale on the dark web sensitive military documents, some associated with the U.S. military’s MQ-9 Reaper drone aircraft, one of its most lethal and technologically advanced drones, security research firm Recorded Future recently discovered.

Canadian restaurant chain Recipe suffered a network outage, is it a ransomware attack?

Security Affairs

A number of systems have been taken offline, and all the locations infected by the ransomware were isolated from the Internet. Recipe Unlimited denies it was victim of a ransomware attack, because it conducts regular system backups to promptly mitigate such kind of attacks.

Cyberattack Downs Pensacola’s City Systems


The cyberattack comes days after a shooting at U.S. military base Naval Air Station Pensacola rocked the city.

NotPetya: From Russian Intelligence, With Love

Data Breach Today

CIA Reportedly Believes Russian Military Launched Wiper Disguised as Ransomware The CIA has attributed last year's outbreak of NotPetya wiper malware to Russia's GRU military intelligence unit, The Washington Post reports.

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption.

Dutch and British Governments Slam Russia for Cyberattacks

Data Breach Today

Officials Attribute BadRabbit Ransomware, WADA Breach to APT28, aka 'Fancy Bear' The British and Dutch governments have issued a strong rebuke to the Russian government over an ongoing series of "Fancy Bear" hack attacks that they say were launched by Russia's military intelligence agency Russian Main Intelligence Directorate, aka the GRU.

Security Affairs newsletter Round 256

Security Affairs

Experts warn of a new strain of ransomware, the PXJ Ransomware. Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections. Most ransomware attacks take place outside the working hours. CERT France – Pysa ransomware is targeting local governments.

Security Affairs newsletter Round 253

Security Affairs

Reading Municipal Light Department, an electric utility in Massachusetts, hit by ransomware. NRC Health health care company hit with ransomware. Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates. A new round of the weekly newsletter arrived!

List of data breaches and cyber attack in March 2019 – 2.1 billion records leaked

IT Governance

Chinese hackers target universities in pursuit of maritime military secrets (unknown). Ransomware. Wolverine Solutions still notifying patients more than five months after ransomware attack (1.2 More than a million Israeli websites hit with ransomware (unknown).

MY TAKE: Former NSA director says cybersecurity solutions need to reflect societal values

The Last Watchdog

Cyber Command, as well as director, National Security Agency, and chief, Central Security Service, from March 2014 until he retired from military service in May 2018. Is America’s working definition of “national security” too narrow for the digital age?

Security Affairs newsletter Round 244

Security Affairs

A bug in the decryptor for the Ryuk ransomware could cause data loss. City of Pensacola hit by a cyberattack few days after military base shooting. Snatch Ransomware force systems to Windows Safe Mode to bypass security solutions. A new round of the weekly newsletter arrived!

£60 million in recovery costs for Norsk Hydro after refusing ransom demand

IT Governance

Earlier this month, Norsk Hydro published its first quarterly report since it fell victim to a devastating ransomware attack in March. On 19 March 2019, Norsk Hydro’s systems were infected with the LockerGoga ransomware. TrendMicro’s analysis into the ransomware found that it was the same system administration tool abused by the likes of SOREBRECT and Bad Rabbit. This means there’s a chance that the network was compromised before the attackers planted the ransomware.

Security Affairs newsletter Round 249

Security Affairs

A new piece of Ryuk Stealer targets government, military and finance sectors. A new piece of Snake Ransomware targets ICS processes. US Govn contractor Electronic Warfare Associates infected with Ryuk ransomware. A new round of the weekly newsletter arrived!

Security Affairs newsletter Round 221 – News of the week

Security Affairs

Germany and the Netherlands agreed to build TEN, the first ever joint military internet. LooCipher: The New Infernal Ransomware. A new round of the weekly SecurityAffairs newsletter arrived!

UK, US and its allies blame Russia’s GRU for 2019 cyber-attacks on Georgia

Security Affairs

The governments of Britain and the US declared that Russia’s military intelligence service GRU is behind the massive cyber attack that hit Georgia during 2019. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Security Affairs newsletter Round 237

Security Affairs

Autoclerk travel reservations platform data leak also impacts US Government and military. German firm Pilz still down a week after getting infected with ransomware. Ransomware attack hit the City of Johannesburg municipality. A new round of the weekly newsletter arrived!

MY TAKE: How advanced automation of threat intel sharing has quickened incident response

The Last Watchdog

military complex, who got frustrated by their inability to extract actionable intel from a deluge of threat feeds. As companies get better at centralized sharing and automated detection and response, the effectiveness of today’s leading-edge DDoS, ransomware and APT attacks ought to decline.

Security Affairs newsletter Round 216 – News of the week

Security Affairs

Shade Ransomware is very active outside of Russia and targets more English-speaking victims. Russian military plans to replace Windows with Astra Linux. A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition.

NEW TECH: CyCognito employs offensive bot network to put companies a step ahead of attackers

The Last Watchdog

The company was launched in Tel Aviv in 2017 by a couple of former Israeli military cyber ops attack specialists, Rob Gurzeev and Dima Potekhin. When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.

Malware-based attacks disrupted operations of Rheinmetall AG and Defence Construction Canada

Security Affairs

German Rheinmetall AG is a market leader in the supply of military technology, in 2019 the group generated sales of $6.9 A series of cyber attacks hit the defense contractors Rheinmetall AG and Defence Construction Canada (DCC) causing the disruption of their information technology systems.

Security Affairs newsletter Round 171 – News of the week

Security Affairs

An RDP access to internal machine goes for $10 on the dark web. · Hacker offered for sale US Military Reaper Drone documents for $200. · Hackers steal $13.5 Democrats. · A few days after discovery of GandCrab ransomware ver 4.0,

Security Affairs newsletter Round 186 – News of the week

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. 20% discount. Kindle Edition. Paper Copy.

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

According to Group-IB’s experts, the most frustrating trend of 2019 was the use of cyberweapons in military operations. As for 2019, it has become the year of covert military operations in cyberspace. Its main vector will be blackmailing as part of ransomware attacks.

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

drone attack that killed Iranian military commander Qassem Suleimani. Immediately following Iran’s counterstrike against American military posts in Iraq, a tweet circulated claiming that more than 20 American soldiers had been killed.

US charges North Korea agent over Sony Pictures hack and WannaCry

Security Affairs

Department of Justice announces charges against a North Korean government spy that was involved in the massive WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. The U.S.

List of data breaches and cyber attacks in September 2019 – 531 million records leaked

IT Governance

Ransomware. Police investigate after ransomware found on Sherman School, CT, systems (unknown). Flagstaff, AZ, school district hit by ransomware (unknown). Thousands of Linux servers infected with new Lilocked ransomware (unknown).

Weekly podcast: US Defense Department, MOD and NHS

IT Governance

The US Department of Defense is investigating a major third-party data breach in which the travel records of military and civilian personnel – which included their personal information and credit card data – were compromised.

It’s Time to Combine Security Awareness and Privacy Awareness


With bad guys like this, it’s hardly any surprise that our good guys proudly don the honorable mantle of law enforcement or military, and use an abundance of military language to describe their work, from defending the perimeter to threat vectors and so on.

Amid Growing Threats, White House Dismantles Top Cybersecurity Post

Data Matters

During their tenure at the White House, Joyce and Bossert together were responsible for managing the government’s response to cyber threats, including the WannaCry ransomware attack. Consistent with his background in arms control and military affairs, this op-ed reflects a focus on the national security aspects of cybersecurity.

Weekly podcast: 2018 end-of-year roundup

IT Governance

Rather than dropping ransomware on victims’ machines and hoping they would pay to regain access to their files, cyber criminals were increasingly cutting out the middle man and infecting victims’ machines with software that used their spare processing power to mine for cryptocurrency. in which the travel records of military and civilian personnel – which included their personal information and credit card data – were compromised.

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

Finally, as noted in the SEC’s Cybersecurity Ransomware Alert from May 2017, it is becoming increasingly helpful for executives to know what encryption protocols are in place across various systems—specifically whether systems utilize a 128-bit, 196-bit, or 256-bit cipher—as well as whether periodic cyber-risk assessments, penetration testing, and regular employee security awareness training are in place. * This article first appeared in In-House Defense Quarterly on April 3, 2018.