Last week in security news, the U.S. Coast Guard revealed that a maritime facility suffered an infection at the hands of the Ryuk ransomware family. Speaking of ransomware, researchers spotted ransomware attackers offering discounts and season’s greetings to convince victims to pay their ransom demands. Finally, researchers spotted a new malware family targeting Portugal, a new zero-day vulnerability in the Windows platform and more than 100 malicious Android apps using the same code package to perform ad fraud.
Top Story of the Week: Ryuk Sets Sail on a Maritime Facility’s Systems
The U.S. Coast Guard revealed that Ryuk struck a maritime facility regulated by the Maritime Transportation Security Act (MTSA). The threat’s entry point remained unclear at the time of publication, however, officials reasoned that the ransomware likely made its way onto the maritime facility’s computers via a phishing attack.
The facility shut down its primary operations for a period of 30 hours following its discovery of the attack. It made this decision after learning that Ryuk had disrupted its entire corporate IT environment, interfered with its physical access control systems and taken its critical process control monitoring systems offline.
Also in Security News
- Attack Emails Utilize Portugal Government Template to Spread Lampion Malware: At the end of 2019, Security Affairs reported on a phishing campaign that used email templates based on those used by Portuguese Government Finance & Tax employees. Those emails delivered Lampion, a member of the Trojan-Banker.Win32.ChePro family that came with its own improvements designed to foil detection and analysis.
- Soraka Code Package Leveraged by 100+ Android Apps to Perform Ad Fraud: In December, the White Ops Threat Intelligence Team observed more than 100 malicious Android apps using a common code package called Soraka to perform ad fraud. Soraka displayed a total of three out-of-context (OOC) ads in sequence once a victim unlocked their Android device.
- Discounts, Season’s Greetings Used to Entice Ransomware Victims Into Paying: As reported by Bleeping Computer, a security researcher spotted a sample of Sodinokibi ransomware (REvil) urging users to pay the ransom so that they would not be stressed and not waste time that they could otherwise be spending with their family during the holidays. Along a similar vein, the attackers behind a Maze ransomware campaign offered their victims a 25 percent discount on their ransom demands at the very end of 2019.
- Windows Zero-Day Vulnerability Reported to and Patched by Microsoft: On December 10, Microsoft patched a zero-day vulnerability reported to it by Kaspersky Lab researchers. This flaw enabled digital attackers to execute arbitrary code on a victim’s machine, reported Deccan Chronicle in the new year.
Security Tip of the Week: Elevate Your Defenses Against a Ransomware Attack
Security professionals can help defend their organizations against a ransomware attack by embracing a layered defense strategy that combines antivirus solutions, anti-data encryptors and other security tools. A crucial part of this strategy should be keeping — and periodically testing — multiple data backups both offline and in the cloud.