Maze Ransomware Targets Multiple French Industries
At least five French law firms and a construction corporation have all fallen victim to the Maze ransomware variant, which is known for quickly ex-filtrating sensitive information. The Maze authors have also announced they will begin releasing the stolen data if the victims refuse to pay the ransom. Even though only two of the law firms have had their data posted so far, it is only a matter of time before the remaining firms are exposed and the entirety of the stolen data is released. Furthermore, with this type of ransomware attack, the attackers have been known to demand a doubled ransom payment to cover both the decryption key for the files and the supposed permanent deletion from the attacker’s end. Though if this type of payment isn’t made, the data has been known to be posted on Russian forums, leaving the data in the hands of any interested parties.
Major Spike in MageCart Skimmer Usage
At least 40 new websites have been identified as victims of MageCart payment card skimming scripts, and all have been found using scripts that have been hosted from a new location. Of the 40 sites that were discovered, some had been infected for up to four months, and nearly a quarter remained infected for over a week after the skimmer was reported. These types of attacks can be highly profitable due to the relative silence of their activities and have shown little sign of stopping, especially when targeting small businesses, as they tend to be laxer when implementing new patches or security updates.
Ransomware Attack on US Gas Pipeline
An unnamed U.S. natural gas facility fell victim to a ransomware attack earlier this week and was taken offline for at least two days while officials worked to quarantine the infection. The variant used is still unclear but was specifically designed to target the infrastructure controllers, which are used to automate many of the facility’s main functions. The facility was extremely unprepared for this type of attack and had no security policies or training for cyberattacks, instead only making plans for a physical attack on the site. This seems to be a common response from victims of infrastructure attacks, as these types of attacks are relatively new. Having a solid cybersecurity plan doesn’t seem to be a priority.
Danish Data Leak Exposes 1.3 Million Citizens
Over the five years from 2015 to 2020, a bug in the country’s tax systems has leaked sensitive ID numbers for nearly 1.3 million Danish citizens. The bug itself displayed the user’s ID number in the URL after the user made any changes in their tax portal, which were then analyzed by both Google and Adobe. Fortunately, no additional tax or other personal information was divulged due to the software bug and the government was quick to resolve the issue. It was also confirmed that both companies that had received the information had implemented a deletion procedure, which means that nothing was actually stored after transfer.
Italy Under Attack by Dharma Ransomware
In an unusual twist for the Dharma ransomware variant, a new spam campaign has been launched that focuses primarily on distributing Dharma to unsuspecting victims in Italy. While Dharma is normally spread via compromised RDP services, this latest campaign is disguising itself as a phony email invoice and requests users to open an attached zip file. Within the zip file are a .vbs script and an image file used to display the DNS domain records. Once the script has been run, a variety of different malware payloads are available to download, though most are info-stealers or new variants of Dharma. Additionally, this latest variant appends all encrypted files with .ROGER upon completion and displays a typical ransom note.