ZDNet: Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities

ZDNet: Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities. “A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned today. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a ransom note behind asking for a 0.015 bitcoin (~$140) payment.”

BBC: How hackers extorted $1.14m from University of California, San Francisco

BBC: How hackers extorted $1.14m from University of California, San Francisco. “A leading medical-research institution working on a cure for Covid-19 has admitted it paid hackers a $1.14m (£910,000) ransom after a covert negotiation witnessed by BBC News.”

ZDNet: New ransomware masquerades as COVID-19 contact-tracing app on your Android device

ZDNet: New ransomware masquerades as COVID-19 contact-tracing app on your Android device. “Researchers from ESET said this week that the ransomware emerged only a few days after Health Canada announced the release of COVID Alert, which will first be tested in Ontario before rolling out nationwide.”

Bleeping Computer: Extortionists threaten to destroy sites in fake ransom attacks

Bleeping Computer: Extortionists threaten to destroy sites in fake ransom attacks. “Scammers are targeting website owners with blackmail messages asking them to pay ransoms between $1,500 and $3,000 in bitcoins to avoid having their sites’ databases leaked and their reputation destroyed. As the fraudsters falsely claim, they exfiltrate the databases to attacker-controlled servers using credentials harvested after exploiting a vulnerability found within the sites’ software.”

New Ransomware Tactic Called “Double Extortion” Discovered (Make Tech Easier)

Make Tech Easier: New Ransomware Tactic Called “Double Extortion” Discovered. “As you may guess from the name, “double extortion” works by attacking the business twice over. It still uses a database-encryption attack to extort money, but it adds an extra initial attack to ensure a backup doesn’t render the attack useless. First, before the malware developer attacks with ransomware, they breach in the company’s database. They extract as much data as they can and store it on their servers. After that, they conduct the ransomware attack as normal.”

BetaNews: Ransomware posing as a coronavirus app is threatening people for money

BetaNews: Ransomware posing as a coronavirus app is threatening people for money. “The coronavirus pandemic has created some confusing times. Trying to get a better handle on the situation, some people have looked to mobile apps to track the spread of the disease. These users were shocked to find they had accidentally installed a malware app instead.”

Fresh virus misery for Illinois: Public health agency taken down by… web ransomware. Great timing, scumbags (The Register)

The Register: Fresh virus misery for Illinois: Public health agency taken down by… web ransomware. Great timing, scumbags. “As the world tackles the COVID-19 coronavirus pandemic, ransomware creeps have knocked offline a public health agency’s website that served nearly a quarter of a million people in the US.”

Neowin: Malicious Coronavirus tracking app for Android locks users out of their device

Neowin: Malicious Coronavirus tracking app for Android locks users out of their device. “If you are thinking of installing an app on your Android device from a third-party source to keep track of the coronavirus outbreak, think again. It has been discovered that CovidLock posing as a COVID-19 tracking app is a malicious ransomware Android app in disguise that is locking users out of their phones.”

CBR: Casinos in Las Vegas Hit by Suspected Ransomware Attack

CBR: Casinos in Las Vegas Hit by Suspected Ransomware Attack. “Slot machines in two Las Vegas casinos were out of action for almost a week in an incident that bears all the hallmarks of a ransomware attack. Investigations are currently underway by the Nevada State Game Control Board, which told us it is ‘actively monitoring the situation’.”

Forbes: You’ve Been Hit With Ransomware – Next Steps To Recovery

Forbes: You’ve Been Hit With Ransomware – Next Steps To Recovery. “You know it’s going to be a bad day when that screen appears on one of your computer monitors letting you know that one of your systems has been taken over by ransomware. Your first response may be to panic. But try to avoid that. Instead, take a few initial steps that may help you protect your data and which may also help in recovering your systems.”

VentureBeat: How AI is fighting, and could enable, ransomware attacks on cities

VentureBeat: How AI is fighting, and could enable, ransomware attacks on cities. “Before 2019, ransomware was perhaps best known for targeting businesses and individuals. Attacks against Travelex, oil and gas companies like Maersk and industrial control systems led to hundreds of millions of dollars in losses in recent years. But increasingly, cities, public utilities, and public-facing institutions are also being targeted. As attacks increase, a growing number of security experts are using AI to improve the effectiveness of their malware attack defenses.”

Ars Technica: US natural gas operator shuts down for 2 days after being infected by ransomware

Ars Technica: US natural gas operator shuts down for 2 days after being infected by ransomware. “A US-based natural gas facility shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication equipment, the Department of Homeland Security said on Tuesday.”

Ars Technica: Windows trust in abandoned code lets ransomware burrow deep into targeted machines

Ars Technica: Windows trust in abandoned code lets ransomware burrow deep into targeted machines. “Attackers behind one of the world’s more destructive pieces of ransomware have found a new way to defeat defenses that might otherwise prevent the attack from encrypting data: installing a buggy driver first and then hacking it to burrow deeper into the targeted computer.”

Ars Technica: Why is the healthcare industry still so bad at cybersecurity?

Ars Technica: Why is the healthcare industry still so bad at cybersecurity? “Many articles about cybersecurity risks in healthcare begin with descriptions of live simulations (so when in Rome). Imagine a doctor completely unaware of what they’re walking into triaging two patients: one in need of a hospital cardiac catheterization lab after an irregular electrocardiogram (EKG) reading, the other suffering from a stroke and needing a CT scan. All systems are down due to ransomware, so the physician working through the scenario can’t access electronic health records or use any of the assessment methods modern medicine is so reliant on. So, what to do?” Incredibly deep dive. If you’re at all interested in security issues around health care, I urge you to read this article.