Yes, we do need good, tested, reliable backups.
UK Uni Ransomware Attacks Linked to Malvertising Campaign
Phil Muncaster
Kafeine, a researcher at the security vendor, explained that the C&C IP address for the ransomware in question is commonly associated with the Mole family and payloads linked to the Astrum exploit kit, a known favorite of the banking trojan group AdGholas.
“At that stage, we were almost convinced the events were tied to AdGholas / Astrum EK activity. We confirmed this, however, via an HTTPS connection common to the compromised host avia-book[.]com,” the blog post continued.
This host was apparently being used in a large-scale malvertising campaign targeting the UK, Australia, Canada, Italy, Monaco, Liechtenstein, Luxembourg, Switzerland, Japan, Taiwan and the United States.
All compromised hosts are said to have contacted the Astrum C&C IP address.
“It appears that between June 14 and 15, Astrum was dropping Mole ransomware in the United Kingdom and likely in the US. Mole is a member of the CryptFile2/CryptoMix ransomware family. We do not know the payloads in other countries, but, based on past activity, we are confident they were banking Trojans. Unlike ransomware, bankers are generally less noisy and often remain unnoticed by victims,” Kafeine concluded.
https://www.infosecurity-magazine.com/news/uk-uni-ransomware-attacks-linked/?utm_source=dlvr.it&utm_medium=twitter