Worldwide Ransomware attacks confirmed in March 2020

Roll-up of Ransomware attacks we have detected in March 2020

‘CovidLock’ Exploits Coronavirus Fears With Bitcoin Ransomware

Opportunistic hackers are increasingly seeking to dupe victims using websites or applications purporting to provide information or services pertaining to coronavirus.

Cybersecurity insurance firm Chubb investigates its own ransomware attack

The Maze ransomware group says it has encrypted data belonging to Chubb, which claims to be one of the world’s largest insurance companies, and is threatening to publicly release data unless a ransom is paid.

Ryuk Ransomware Takes Out Durham, North Carolina

The North Carolina city of Durham has become the latest US municipality struck by ransomware after reports suggested the Ryuk variant forced key services offline.

Casinos in Las Vegas Hit by Suspected Ransomware Attack

Slot machines in two Las Vegas casinos were out of action for almost a week in an incident that bears all the hallmarks of a ransomware attack.

Fake COVID-19 apps can load ransomware, spyware on devices

Security and tech experts have warned that hackers are now resorting to emails and apps claiming to provide information on the COVID-19 outbreak to fool victims into installing malware on their devices.

Ransomware attacks on PC’s increasing for 2020

Charlene Stone was on her PC in her Kennedy Heights, Ohio, home, when a “support alert” took over her screen.

Ransomware attack hits Durham, N.C.

Hackers of “Russian” origin targeted the city and county governments of Durham, N.C., over the weekend, hampering computer and communications networks with ransomware, according to local officials.
https://www.securityinfowatch.com/cybersecurity/news/21129321/ransomware-attack-hits-durham-nc

PwndLocker Ransomware Targeting Municipalities, Enterprise Networks

Security researchers discovered a new ransomware family called “PwndLocker” targeting municipalities and enterprise networks.

Ransomware Attack: Georgia City Pays $380K Ransom to Hackers

The City of Cartersville, Georgia submitted a $380,000 payment in non-tradeable Bitcoins to hackers, along “with an additional $7,755.65 paid for transaction fees and negotiators,” according to The Daily Tribune News. The payment came after the city experienced a Ryuk ransomware attack in May 2019.

Ransomware Attack Hits FinTech Company Finastra

The London-based fintech company, Finastra, which provides financial software to the global banking sector, has reported suffering a ransomware attack that prompted the company to shut down its servers and caused disruptions to its global operations.

Fresh virus misery for Illinois: Public health agency taken down by… web ransomware. Great timing, scumbags

As the world tackles the COVID-19 coronavirus pandemic, ransomware creeps have knocked offline a public health agency’s website that served nearly a quarter of a million people in the US.

Ransomware Attacks Epiq Legal Services; Global Systems Offline

Epiq, a legal services provider, has identified a ransomware attack that forced the company to take its global systems offline. To date, there is no evidence that any unauthorized data transfer, misuse or exfiltration took place during the ransomware attack, according to Epiq.

Steel manufacturer EVRAZ gets hit by Ryuk ransomware

The North American steel production plants of global company EVRAZ have been hit by the infamous Ryuk ransomware, sources say.

Steel manufacturer EVRAZ gets hit by Ryuk ransomware

The North American steel production plants of global company EVRAZ have been hit by the infamous Ryuk ransomware, sources say.

Ransomware Is a Large, Growing Problem in New Mexico

In New Mexico, three school districts, one university, one city, one county and one state government agency have collectively spent millions to regain control of their computer systems after ransomware attacks.

NetWalker Ransomware Attacks Illinois Public Health District

Cybercriminals launched a NetWalker (Mailto) ransomware attack against the Illinois Champaign-Urbana Public Health District (CUPHD) website, according to The News-Gazette. The health district’s email accounts, environmental health records and patient electronic medical records were unaffected by the cyberattack.

Boeing and Tesla manufacturer in ransomware attack

Visser Precision, a manufacturing company that makes custom parts for various industries, confirmed it was recently targeted in a ransomware attack. Stephan Chenette, Co-Founder and CTO at AttackIQ looks into the issue.

Stolen data of company that refused REvil ransom payment now on sale

Operators of the Sodinokibi (aka Sodin or REvil) Ransomware as a Service (RaaS) recently published over 12GB of data that allegedly belongs to one of its victims – Brooks International – that refused to pay ransom.

Ransomware Attack: Defense Contractor CPI Pays Hackers $500K – Report

U.S. defense contractor CPI suffered a ransomware attack in January 2020, paid hackers a $500,000 extortion fee, and is still recovering from the attack as of March 5, TechCrunch reports.

One of Roman Abramovich’s companies got hit by ransomware

EVRAZ, one of the world’s largest steel manufacturers and mining operations, has been hit by ransomware, a source inside the company told ZDNet today.

Energy company supplier suffers ransomware attack

A supplier of the energy company Ameren Missouri has been hit by a ransomware attack – one that allowed the malicious actors behind the attack to steal some information from the firm.

Spartanburg School District 1 hit with ransomware attack

Officials of a Spartanburg County school district didn’t think it was necessary to notify parents when a cyber-attack shut down computer systems for three days last week.
https://www.goupstate.com/news/20200303/spartanburg-school-district-1-hit-with-ransomware-attack

Councils’ parking app hit by ransomware attack

Five days into an outage, the maker of PayMyPark - a parking payment app used by Wellington, Hutt, Tauranga, Christchurch, Dunedin and other city councils - has admitted it was the victim of a ransomware attack.

New Mac ransomware appears: KeRanger, spread via Transmission app

New ransomware infecting Apple OS X surfaced on March 4th, 2016, with the emergence of KeRanger. The first inkling of trouble came at the weekend.

PUBG Ransomware is a new type of malware that locks your files unless you play PlayerUnknown’s Battlegrounds

A new piece of ransomware locks the files of infected computers until its victims play a round of the popular battle-royale shooter, PlayerUnknown’s Battlegrounds (PUBG).

Ransomware attack hits Champaign-Urbana Public Health District

A ransomware attack shut down Champaign-Urbana’s public health website, hindering the city’s ability to provide information and updates on the Coronavirus pandemic.

Ottawa Hospital computers hit by ransomware

Ottawa Hospital has confirmed its computer network was hit with ransomware this week, as four of its 9,800 machines were affected. As reported by CBC News, the computers were struck by malicious code that encrypted files and data. “The malware locked down the files and the hospital responded by wiping the drives,” said Kate Eggins, a spokeswoman for the hospital.

Secondary school is being held to ransom after a ‘Chinese cyber attack’ caused the loss of Year 11 students’ GCSE coursework

A secondary school is being held to ransom after a cyber attack caused students to lose GCSE coursework, with hackers demanding money to return the work.

TeslaCrypt ransomware attacks gamers – “all your files are belong to us!”

An aggressive new ransomware called TeslaCrypt is targeting Windows users, and it breaks new ground by expanding on a familiar yet successful formula.

Coronavirus Tracker app on Android is a malicious ransomware; security researchers explain how to unlock affected devices

Coronavirus Tracker app locks victim’s device and requests $100 in random. Here is how you can avoid becoming a victim.

U.K. Bitcoin Ransomware Attacks Hit Record High Last Year: Report

Bitcoin and crypto-related ransomware attacks hit a record high in the United Kingdom last year.

Norsk Hydro confirms ransomware attack

A Norwegian aluminium producer has confirmed a ransomware attack is affecting several areas of its business, forcing it to switch to manual operations

Medical and military contractor Kimchuk hit by data-stealing ransomware

Kimchuk, a medical and military electronics maker, has been hit by data-stealing ransomware.
https://techcrunch.com/2020/03/26/kimchuk-medical-military-ransomware/

Architecture Firms Under Threat of Ransomware Attacks

Now that offices have shut down across the country due to the coronavirus pandemic and companies are scrambling to get everyone back on track offsite, it’s no surprise that malign actors would try to take advantage of that chaos. “We’ve seen two to three times the usual number of breaches, most frequently ransomware attacks, in the last two weeks,” says Robert Rosenzweig, national cyber risk practice leader at Risk Strategies, a large national insurance brokerage.
https://www.architecturalrecord.com/articles/14524-architecture-firms-under-threat-of-ransomware-attacks

Nemty Ransomware Punishes Victims by Posting Their Stolen Data

The Nemty Ransomware is the latest cybercrime operation to create a data leak site to punish victims who refuse to pay ransoms.

New PwndLocker Ransomware Targeting U.S. Cities, Enterprises

Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.

Ryuk ransomware hits Fortune 500 company EMCOR

EMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems.

Ransomware Threatens to Reveal Company’s ‘Dirty’ Secrets

The operators of the Sodinokibi Ransomware are threatening to publicly share a company’s “dirty” financial secrets because they refused to pay the demanded ransom.

New Nefilim Ransomware Threatens to Release Victims’ Data

A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.

Sodinokibi Ransomware Data Leaks Now Sold on Hacker Forums

Ransomware victims who do not pay a ransom and have their stolen files leaked are now facing a bigger nightmare as other hackers and criminals sell and distribute the released files on hacker forums.

France warns of new ransomware gang targeting local governments

France’s cyber-security agency issued an alert this week warning about a new ransomware gang that’s been recently seen targeting the networks of local government authorities.

Cyber ​​attack: the EssilorLuxottica group struck by ransomware

Since Saturday March 21, the optical specialist Essilor has suffered a major computer attack. The attackers demand a ransom to unblock the situation.

Russian-Speaking Hackers Attack Pharma, Manufacturing Companies in Europe

Malware belonging to Russian-speaking threat actors was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries.

Ransomware attack hundreds of LaSalle County government computers

The LaSalle County government is seeing a big interruption to its services this week. The county is dealing with a ransomware attack on its computers discovered by the Sheriff’s Office last Sunday around 3:30 a.m

Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach

A precision parts maker for space and defense contractors has confirmed a “cybersecurity incident,” which TechCrunch has learned was likely caused by ransomware.
https://techcrunch.com/2020/03/01/visser-breach/

Data breach follows P.E.I. ransomware attack

Internal documents from the provincial government appear to have been posted online, one week after provincial government servers were hit with a ransomware attack.

Ransomware attack cancels classes at Three Rivers College

Nearly all classes at Three Rivers College locations have been called off for the rest of the week. Nursing and Allied Health classes at Poplar Bluff and Sikeston will continue.

Fort Worth ISD Hacked, Joining Other Texas Schools, Towns Hit By Ransomware Attacks

The Fort Worth Independent School District is recovering from a ransomware attack last week. The district hopes everything will be back to normal by next Monday, when students and teachers return from spring break — but that may not be the case.

Cyber Attack Reported In Bluffton, South Carolina, Authorities Confirm

Authorities confirmed Thursday that Bluffton Fire and Rescue in Bluffton, South Carolina has been impacted by a cyber attack.

SpaceX Contractor Hit by Data Breach

An aerospace and industrial manufacturer has become the latest firm to have sensitive internal documents published online by ransomware attackers.

Malware called ‘coronavirus map’ posted on WhatsApp to steal data: Mumbai cops

Amidst the Covid-19 outbreak, the Mumbai police have unearthed a malware called ‘coronavirus map’ devised to steal confidential data, including bank account details and passwords.