Tag Archive for: targeted

94% of Ransomware Victims Have Their Backups Targeted

/in


Organisations that have backed up their sensitive data may believe they are relatively safe from ransomware attacks; however, this is not the case based on findings from a new study from IT security company Sophos. The report showed that cybercriminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year.

Attackers are aware that those who fall victim to ransomware must choose to either pay the ransom or recover their now-encrypted systems from a backup. To put more pressure on decision-makers to pay up, it is becoming more common for them to target the duplicated data as well as the production data. Indeed, the report showed the victim is almost twice as likely to pay up if their backup is compromised, and recovery from the attack is eight times more expensive.

The Sophos research revealed the extent of the popularity and effectiveness of ransomware groups targeting corporate backups (Figure A).

Figure A

Percentage of ransomware victims that paid the ransom to recover their data from cyber criminals.
Percentage of ransomware victims that paid the ransom to recover their data from cyber criminals. Image: Sophos

SEE: What is ransomware? Read this TechRepublic cheat sheet

How much does it cost to recover from a ransomware attack on the backup?

The Sophos research found that the median ransom demand for organisations whose backups are compromised is $2.3 million (£1.8 million) (Figure B). When the backup is not compromised, the median ransom demand is $1 million (£790k), as the attacker has less leverage.

Figure B

The median ransom demanded by cyber criminals when they have access or don’t have access to their victim’s backups.
The median ransom demanded by cyber criminals when they have access or don’t have access to their victim’s backups. Image: Sophos

“Ransomware-led outages frequently have a considerable impact on day-to-day business transactions while the task of restoring IT systems is often complex and expensive,” Sally Adam, the senior director of marketing at Sophos, wrote in the report.

Companies without compromised backups are also more likely to be able to negotiate the ransom payment down, paying out an average of 82% of the initial demand. Those whose backups are compromised will pay 98% of the demanded sum, on average.

The total cost of a ransomware attack is often more than just the ransom, as it incorporates the…

Source…

Round 2: Change Healthcare targeted in second ransomware attack – HealthLeaders Media

/in



Round 2: Change Healthcare targeted in second ransomware attack  HealthLeaders Media

Source…

Florida Memorial University reportedly targeted in ransomware cyberattack | South Florida News

/in


Florida Memorial University (FMU), South Florida’s only historically Black college or university has reportedly fallen victim to a cybersecurity breach by the ransomware group known as INC Ransom. The specifics of the data compromised during this incident remain uncertain, and the university has yet to issue a formal statement regarding the breach.







INC Ransom Blog Post

INC Ransom posts on their blog confirming their recent attack on Florida Memorial University. 


In a disturbing display of their malicious capabilities, INC Ransom has uploaded a ‘proof pack’ on its website, showcasing scans of passports, Social Security numbers, and contractual documents, ostensibly sourced from FMU’s databases.







INC Ranson's FMU Proof Pack

INC Ransom has uploaded a so-called “proof pack” on its website, showcasing scans of passports, Social Security numbers, and contractual documents, ostensibly sourced from FMU’s databases.

Source…

Call of Duty cheaters targeted with crypto-draining software

/in


Gamers downloading cheats for the first-person shooter Call of Duty are reportedly being targeted by crypto-draining malware that has so far compromised the details of more than 4.9 million accounts.

Call of Duty cheat provider Phantom Overlay was made aware of the malware campaign this week after users started to make unauthorized purchases. Phantom Overlay provides a marketplace for Call of Duty gamers to buy cheats, such as aimbot and player detection behind walls.

As reported by malware sleuth VX Underground, an unknown entity is using malware to steal the credentials of cheaters before publishing them online. The culprit has also infected users with crypto-draining malware capable of stealing bitcoin from Electrum wallets.

Most users responding to VX’s news are reveling in the misfortune of cheaters.

Malware campaign spawns unlikely alliance

VX claims that “in a bizarre twist of fate,” video game company Activision Blizzard is working alongside cheat providers to help users infected with the malware because “The scope of the impact is so large.”

Indeed, VX reports that the accounts of an estimated 3,662,627 Battlenet, 561,183 Activision, 117,366 Elitepvpers, 572,831 UnknownCheats, and 1,365 Phantom Overlay have been compromised, making up 4,915,372 accounts altogether.

Read more: Fake crypto wallet in App Store for four years drained $120K in Stacks

Phantom Overlay reportedly approached gaming forum Elitepvpers, which confirmed that over 40,000 of its accounts were comprised

VX Underground claims that the amount of crypto stolen and the malware delivery methods are currently unknown. VX also clarified that not all of the comprised accounts are cheaters, adding that some impacted users were utilizing software for latency improvement, controller boosting, and VPNs.

Protos has contacted Phantom Overlay, Elitepvpers, and Activision Blizzard for comment and will update if we hear back. 

Got a tip? Send us an email or ProtonMail….

Source…