CryptMix Ransomware

A new ransomware variant that combines components of other families, including CryptoWall and CryptXXX, has been discovered by Heimdal Security [1] and MalwareHunterTeam. CryptMix [2] is spread via spam emails that redirect users to malicious domains hosting exploit kits. The ransomware is able to encrypt up to 862 different file types, appending the extension .code to the files it has hit. The ransom payment is high, at 5 bitcoins, although an email from CryptMix's authors states that the money will be sent to a children's charity and that those who pay will receive free tech support for 3 years (so that's alright then). There is currently no decryptor available for CryptMix.

Jaku Botnet

Forcepoint has published an investigation of the Jaku Botnet [3], part of an ongoing campaign that uses thousands of victims to target a small number of individuals. These specific targets appear to be NGO members, academics, scientists and government employees involved in some way with North Korea. Forcepoint has declined to comment on the exact details of this link, but has passed the relevant information on to law enforcement.

The Jaku Botnet has victims all over the world, but the majority are based in Korea and Japan (42% and 31% respectively). C&C infrastructure appears to be based in Malaysia, Thailand and Singapore, with each server controlling between 2,000 and 4,000 victims on average. The initial malware responsible for setting up Jaku originates from poisoned film and TV torrent files. More technical details are available in Forcepoint's report [4].

The Anonymous war on banks

Anonymous [5] has hit one of its first DDoS targets as part of Operation Icarus [6]. The Bank of Greece is to be followed by the websites of numerous other banking and investment groups, including the IMF and the Bank of England, as detailed on a pastebin list [7].

Hundreds of millions of credentials (re)leaked

Researchers at Hold Security [8] discovered that a Russian hacker has access to over 272 million non-duplicate usernames and passwords. The credentials are for email accounts, the majority of which are tied to Mail.ru, Russia's most popular email service. The rest, numbering in the tens of millions, are for Yahoo, Microsoft and Google addresses, and for other providers based in Germany and China. Most of the credentials were not stolen directly from the services in question, but were collected from previous leaks and data breaches. Yet according to the CEO of Hold Security, 42.5 million of the credentials have never been seen before on the underground.

The Silobreaker Team
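As an added note on the credential story above: the two numbers that matter in a dump like this, "non-duplicate pairs" and "never seen before", only mean something once the data has been normalised and compared against what was already circulating. The script below is an added example (not Hold Security's or Silobreaker's code) showing the minimal triage a defender would run: parse "email:password" lines, case-fold the email but not the password, deduplicate on a hash of the pair so the comparison set never stores plaintext, profile the result by provider, and split it into recycled versus genuinely new pairs. The sample dump and the "previously seen" set are constructed inline for illustration.

```python
"""Triage of a leaked credential dump: normalise, deduplicate, profile by
provider, and separate never-before-seen pairs from recycled ones.

Added example, not code from Hold Security or Silobreaker. The dump lines
and the 'previously seen' fingerprints below are constructed for illustration.
"""
from collections import Counter
import hashlib

# Constructed sample dump. Assumption: one "email:password" pair per line,
# which is the layout most leaked combo lists use. It deliberately contains a
# case variant of the same account, an exact duplicate and a garbage line.
SAMPLE_DUMP = """\
alice@mail.ru:Passw0rd!
Alice@Mail.ru:Passw0rd!
bob@yandex.ru:hunter2
carol@gmail.com:correct horse
carol@gmail.com:correct horse
dave@hotmail.com:qwerty
this line is garbage
erin@yahoo.com:Summer2016
"""


def fingerprint(email: str, password: str) -> str:
    """Hash the normalised pair so the 'already seen' set holds no plaintext."""
    return hashlib.sha256(f"{email}\x00{password}".encode()).hexdigest()


# Constructed stand-in for fingerprints of pairs already circulating from
# earlier breaches; in practice this is built from previously processed dumps.
PREVIOUSLY_SEEN = {
    fingerprint("bob@yandex.ru", "hunter2"),
    fingerprint("dave@hotmail.com", "qwerty"),
}


def parse_dump(text: str):
    """Yield (email, password) for well-formed lines.

    The email is case-folded (mailbox names are matched case-insensitively by
    virtually every provider); the password is kept verbatim because it is
    case-sensitive and may legitimately contain ':' or spaces.
    """
    for raw in text.splitlines():
        line = raw.rstrip("\r\n")
        if ":" not in line:
            continue
        email, password = line.split(":", 1)
        email = email.strip().lower()
        if "@" not in email or not password:
            continue
        yield email, password


def triage(text: str, previously_seen) -> dict:
    """Return counts of unique pairs, per-provider split, and new vs recycled."""
    unique = {}  # fingerprint -> (email, password); collapses case variants
    for email, password in parse_dump(text):
        unique.setdefault(fingerprint(email, password), (email, password))
    by_provider = Counter(email.rsplit("@", 1)[1] for email, _ in unique.values())
    new = {fp for fp in unique if fp not in previously_seen}
    return {
        "unique_pairs": len(unique),
        "by_provider": dict(by_provider),
        "new_pairs": len(new),
        "recycled_pairs": len(unique) - len(new),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_DUMP, PREVIOUSLY_SEEN))
```

Run on the constructed dump, the eight lines collapse to five unique pairs, of which three are new and two were already in circulation; the "42.5 million never seen before" figure in the story is exactly this kind of set difference, computed over a much larger prior corpus.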
[1] https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earnings-charity/
[2] https://my.silobreaker.com/View360.aspx?Item=11_1006125761&q=keyphrase%3a%22CryptMix+Ransomware%22&rd=true
[3] https://my.silobreaker.com/View360.aspx?Item=11_1002050157&q=keyphrase%3a%22Jaku+Botnet%22&rd=true
[4] https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf
[5] https://my.silobreaker.com/View360.aspx?Item=11_247827020&q=anonymous+group&rd=true
[6] https://my.silobreaker.com/View360.aspx?Item=11_963456195&q=keyphrase%3a%22OpIcarus%22&rd=true
[7] http://pastebin.com/dVyqyJi5
[8] http://holdsecurity.com/news/the_collector_breach/