Ransomware news for the day


1.) The computer network of Bridgeport schools was hit by ransomware on Friday, which held hostage some critical files related to the curriculum and attendance of the students. The hackers are said to be demanding a ransom in exchange for the decryption key. However, the IT staff are looking for alternatives to recover the data without paying the ransomware spreaders a single penny.

Aresta Johnson, the schools superintendent, has confirmed the news and says that the recovery of data is in progress. All files stored on cloud storage platforms like Microsoft Office 365 and Google Drive are reported to be safe from the attack.

Jeffrey Postolowski, the director of Technology Services, said that a review of the security systems was being carried out on an emergency basis, and gave assurance that the email server was not hit by the cyber attack.

John Weldon, the chairman of the school board, said that his educational institute will do everything to safeguard the digital assets of the school and will see that such incidents never occur in the near future.

2.) In other news related to malware attacks, a team of researchers from Malwarebytes has discovered a new variant of ransomware which has the ability to lock down access to the data of a database and steal data on further exploitation.

Malwarebytes researchers say that the ransomware campaign is being spread by exploiting Internet Explorer and Flash Player via the Fallout Exploit Kit. Security experts suggest that the malvertising campaign is targeted at torrent sites and streaming portals which get heavy traffic, redirecting users to 2 malicious payloads.

Known as Vidar, the malware is capable of stealing data such as passwords, documents, screenshots, browser history, messaging data, credit card details and even data stored in 2-factor authentication software. The malware is also known to target virtual wallets to steal Bitcoins and other cryptocurrencies.

Later, a GandCrab ransomware variant of version 5.04 is dropped onto the system about a minute after the Vidar infection has spread. The system is then locked from access and a ransom note is displayed, demanding payment in either Bitcoins or Dash.

A separate team of experts from ESET says that the ransomware first encrypts data and then steals data from the victims who refused to pay the ransom.