January 6, 2020 By David Bisson

Last week in security news, the U.S. Coast Guard revealed that a maritime facility suffered an infection at the hands of the Ryuk ransomware family. Speaking of ransomware, researchers spotted ransomware attackers offering discounts and season’s greetings to convince victims to pay their ransom demands. Finally, researchers spotted a new malware family targeting Portugal, a new zero-day vulnerability in the Windows platform and more than 100 malicious Android apps using the same code package to perform ad fraud.

Top Story of the Week: Ryuk Sets Sail on a Maritime Facility’s Systems

The U.S. Coast Guard revealed that Ryuk struck a maritime facility regulated by the Maritime Transportation Security Act (MTSA). The threat’s entry point remained unclear at the time of publication; however, officials reasoned that the ransomware likely made its way onto the maritime facility’s computers via a phishing attack.

The facility shut down its primary operations for a period of 30 hours following its discovery of the attack. It made this decision after learning that Ryuk had disrupted its entire corporate IT environment, interfered with its physical access control systems and taken its critical process control monitoring systems offline.


Also in Security News

  • Attack Emails Utilize Portugal Government Template to Spread Lampion Malware: At the end of 2019, Security Affairs reported on a phishing campaign that used email templates based on those used by Portuguese Government Finance & Tax employees. Those emails delivered Lampion, a member of the Trojan-Banker.Win32.ChePro family that came with its own improvements designed to foil detection and analysis.
  • Soraka Code Package Leveraged by 100+ Android Apps to Perform Ad Fraud: In December, the White Ops Threat Intelligence Team observed more than 100 malicious Android apps using a common code package called Soraka to perform ad fraud. Soraka displayed a total of three out-of-context (OOC) ads in sequence once a victim unlocked their Android device.
  • Discounts, Season’s Greetings Used to Entice Ransomware Victims Into Paying: As reported by Bleeping Computer, a security researcher spotted a sample of Sodinokibi ransomware (REvil) urging users to pay the ransom so that they would not be stressed and not waste time that they could otherwise be spending with their family during the holidays. In a similar vein, the attackers behind a Maze ransomware campaign offered their victims a 25 percent discount on their ransom demands at the very end of 2019.
  • Windows Zero-Day Vulnerability Reported to and Patched by Microsoft: On December 10, Microsoft patched a zero-day vulnerability reported to it by Kaspersky Lab researchers. This flaw enabled digital attackers to execute arbitrary code on a victim’s machine, reported Deccan Chronicle in the new year.

Security Tip of the Week: Elevate Your Defenses Against a Ransomware Attack

Security professionals can help defend their organizations against a ransomware attack by embracing a layered defense strategy that combines antivirus solutions, anti-data encryptors and other security tools. A crucial part of this strategy should be keeping — and periodically testing — multiple data backups both offline and in the cloud.
