- Study: Too much Netflix, not enough ‘chill’ 3 Months Ago
- Pete Buttigieg under fire for saying incarcerated Americans shouldn’t be allowed to vote 3 Months Ago
- Vine’s co-founder is beta testing a new app called Byte 3 Months Ago
- Report: Joe Biden’s first 2020 fundraiser will be with a Comcast executive 3 Months Ago
- Netflix’s ‘Sabrina’ appears to have an art-copying problem 3 Months Ago
- People are crying over these cats’ window-sill romance Today 2:27 PM
- The ‘I’m baby’ meme is all about being comforted Today 2:24 PM
- Parody video totally nails what men are like on Tinder Today 1:57 PM
- Twitch star AriLove latest woman to be arbitrarily banned for ‘sexually suggestive’ attire Today 1:47 PM
- The 18 best Korean beauty sheet masks Today 1:25 PM
- Report: 5,000 Twitter bots pushed ‘Russiagate hoax’ after Mueller report Today 11:15 AM
- Google Trends show how differently Notre Dame and Sri Lanka are being mourned Today 10:50 AM
- Harvard centrists get relentlessly clowned for asking Bernie about socialism Today 10:38 AM
- Flex your knowledge of dank memes with What Do You Meme? card game Today 10:33 AM
- Facebook’s new general counsel helped craft the ‘Patriot Act’ Today 10:26 AM
Richard Patterson/Flickr (CC-BY)
Cybercriminals are shifting focus to high-value targets.
Cybersecurity experts are warning of an uptick in ransomware attacks after a campaign against large enterprises netted hackers more than $3 million.
According to two leading cybersecurity firms, CrowdStrike and FireEye, a strain of ransomware known as Ryuk has been used to elicit over $3.7 million in cryptocurrency payments since August of last year.
CrowdStrike has attributed the attacks to the cybercrime cell “GRIM SPIDER,” a part of the larger “WIZARD SPIDER” criminal enterprise group suspected of operating out of Russia.
Media reports initially placed the blame on North Korean government hackers after Ryuk ransomware was used in December of last year to cripple Tribune Publishing, a company which prints newspapers for major outlets such as the Chicago Tribune.
Many of GRIM SPIDER’s victims, CrowdStrike notes, were found to have TrickBot malware on their computers as well, used prior to the deployment of Ryuk.
The attacks are believed to have been started primarily by a large spam email campaign. The hackers then carried out reconnaissance against their victims in order to locate computers at large companies.
After finding a high-value target, the Ryuk ransomware is used to lock victims’ computers before demanding a large sum of money in exchange for the return of their files.
“Since Ryuk’s appearance in August, the threat actors operating it have netted over 705.80 BTC across 52 transactions for a total current value of $3,701,893.98 USD,” CrowdStrike writes.
FireEye adds that “a notable uptick in the latter half of 2018” has proven lucrative for the hackers.
“FireEye Intelligence expects that these operations will continue to gain traction throughout 2019 due the success these intrusion operators have had in extorting large sums from victim organizations,” the company states.
CrowdStrike characterizes such attacks as “big game hunting,” in which a few highly-profitable organizations are targeted instead of many individual internet users.
- A man found a camera in his Airbnb and the company didn’t seem to care
- Sprint promises to stop selling location data after outcry
- New Nike shoes can be controlled from your smartphone
H/T Digital Trends
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.