Security Alerts & News
by Tymoteusz A. Góral

#1758 HDDCryptor: subtle updates, still a credible threat
Since first writing about the discovery of HDDCryptor back in September, we have been tracking this ransomware closely as it has evolved. Last week, a new version was spotted in the wild, and based on our analysis, we believe that this variant is the one used in a recent attack against San Francisco Municipal Transport Agency (SFMTA).

In this attack, as we’ve seen with other versions of HDDCryptor, the ransomware dropped some tools to perform full disk encryption, as well as the encryption of mounted SMB drives. We believe the threat actors behind the attack don’t use exploit kits and automated installers to instantly compromise and infect victims. Instead, they first attempt to gain access to the machine, most likely through a more targeted attack or exploit, before manually triggering and executing the malware. While we don’t have specific information on how this was accomplished across SFMTA’s 2,000 machines, it is highly likely that it was through scheduling a job to run on all of the devices using some form of admin credentials.
#1763 Working in tech? Five tips on avoiding burnout
#1762 More than a million Android devices rooted by Gooligan malware
#1761 Shamoon: Back from the dead and destructive as ever
#1760 Hackers reuse passwords to access 26,500 UK National Lottery accounts
#1759 Report: Most cybercriminals earn $1,000 to $3,000 a month
#1758 HDDCryptor: subtle updates, still a credible threat
#1757 Mozilla and Tor release urgent update for Firefox 0-day under active attack