Last week in security news, the authors of Shade ransomware announced that they were releasing 750,000 decryption keys to help their remaining victims recover their files for free. Speaking of ransomware, a notorious malware-as-a-service (MaaS) botnet added crypto-ransomware capabilities, thereby augmenting its ability to target Android users. Several other botnets also attracted the attention of security researchers.

Top Story of the Week: The End of Shade Ransomware

In a GitHub post, the authors of Shade ransomware announced the publication of 750,000 decryption keys along with their own custom decryption software. The malicious actors noted that some victims might have trouble using these resources to recover their files for free. In response, those nefarious individuals vocalized their hope that security firms would use the published keys and software to create commercial decryption tools that would be easier to use.

This announcement marked the last stage of Shade ransomware’s retirement. After ceasing all distribution of their creation in late 2019, those responsible for the ransomware said that they had deleted all data and source code relating to their activity.


Also in Security News

  • Return of Black Rose Lucy Marked by Addition of Ransomware Features: Check Point Research discovered that the Black Rose Lucy botnet had returned from a two-year hiatus by masquerading as a video player application. The digital threat leveraged this disguise to use its new ransomware features and encrypt all files identified in the device’s directories.
  • BEC Scam Launched by Florentine Banker Steals £600K: Also from Check Point Research, a threat group known as the Florentine Banker attracted security professionals’ attention by targeting at least three large financial organizations with sophisticated business email compromise (BEC) scams. In one of these attacks, the group successfully stole £600,000.
  • New Shellbot Linux Malware Launched by Outlaw Hacking Group: Yoroi Security came across a new Linux malware called Shellbot that originated from the Outlaw hacking group. Early versions of this threat arrived with a module for conducting distributed denial-of-service (DDoS) attacks, but later versions used a Monero miner and a Perl backdoor as their main components.
  • LeetHozer Botnet Samples Share Attack Resources With Moobot: The Network Research Lab at 360 observed that the new LeetHozer botnet used the same downloader and the same unique string in its vulnerability exploitation routine as Moobot. Acknowledging those similarities, the research team posited that Moobot and LeetHozer originated from the same group of attackers.
  • Inquiry Discovered Multi-Year PhantomLance Campaign: Kaspersky launched an inquiry into a backdoor Trojan identified by another security firm back in July 2019. This effort revealed that the campaign, dubbed PhantomLance, had been active since at least 2016 and had infiltrated several app marketplaces including the Google Play store.
  • Zero-Day Flaw in Sophos Firewalls Exploited by Information Stealer: Researchers at Sophos revealed that malicious actors had exploited a zero-day flaw to achieve remote code execution on some of the security firm’s firewall products. That malicious activity enabled those actors to install the Asnarök Trojan for the purpose of stealing data from their victims.
  • High-Severity Code Injection Vulnerability Plugged in WP Plugin: In late April, Wordfence discovered a vulnerability in the Real-Time Find and Replace WordPress plugin that could enable a malicious actor to inject malicious JavaScript into an exposed site by tricking the site admin. The security firm notified the plugin’s developer, who responded by issuing a patch a few hours later.
  • Department of Labor’s FMLA Used as Lure to Target Users: IBM X-Force detected a phishing campaign in which digital attackers used the U.S. Department of Labor’s Family and Medical Leave Act (FMLA) to convince recipients to open an email attachment. Once opened, that file infected recipients with Trickbot.

Security Tip of the Week: Review Your Organization’s Ransomware Defenses

Security professionals can strengthen defenses against ransomware threats such as Shade by using an ongoing security awareness training program to build up a positive security culture in the workplace. This effort will cultivate employees’ familiarity with phishing campaigns and other social engineering attacks, thereby reducing the number of available distribution channels for attackers. In addition, infosec personnel should leverage the latest threat intelligence to stay on top of evolving ransomware campaigns.
