Thousands of NHS computers are still running Windows XP from beyond the grave

Two years after the WannaCry ransomware outbreak shone a light on the computer security of the UK’s National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still has 2300 PCs running the outdated operating system. The worrying statistic came to light in the response to a parliamentary question asked by shadow minister Jo Platt MP. The fact that 2,300 NHS computers are still running Windows XP is, obviously, not great news.


Newly identified StrongPity operations

Alien Labs has identified an unreported and ongoing malware campaign, which we attribute with high confidence to the adversary publicly reported as “StrongPity”. Based on compilation times, infrastructure, and public distribution of samples - we assess the campaign operated from the second half of 2018 into today (July 2019). This post details new malware and new infrastructure which is used to control compromised machines.


Agent Smith materializes from the matrix of Android malware

There’s a new shapeshifting strain of Android malware in the mix. It replaces legitimate apps with compromised ones and is imaginatively named Agent Smith after the iconic villain in The Matrix. Yet another malware attack targeting Android—so what’s the big deal? Agent Smith is similar to other malware campaigns such as Gooligan, HummingBad, and CopyCat with respect to the destruction it can cause via fraudulent ads.


A peek into malware analysis tools

With the commercialization of cybercrime, malware variations continue to increase at an alarming rate, and this is putting many a defender on their back foot. Malware analysis — the basis for understanding the inner workings and intentions of malicious programs — has grown into a complex mix of technologies in data science and human interpretation. This has made the cost of maintaining a malware analysis program generally out of reach for the average organization.


What is Ryuk and will it be holding you to ransom?

According to Google, Ryuk is ‘a fictional character in the manga series Death Note’. I have no idea what this is, but I imagine it’s significantly less interesting than the Ryuk ransomware campaign that’s currently hitting businesses right across the world. The UK’s NSCS is investigating such campaigns and has recently published an advisory on it, and we’re no strangers to Ryuk at Bulletproof either.


The Rise of Ransomware as a Service (RaaS)

2019 Has been an interesting year for Ransomware thus far. After plaguing countless victims with dreaded ransom notes and bringing some pretty large corporations to their knees, the attack method built a strong reputation for inflicting cyber terror on consumers and businesses. As cyber criminals noticed increasing success from this method, the trends shifted towards more targeted enterprise attacks with the potential for more lucrative payouts.


A Quick Guide to Preventing, Detecting and Responding to Ransomware Attacks

Despite a small decline in the total volume of ransomware attacks, assailants are increasingly leveraging the attack method as a targeted way to extort enterprises. This shift toward more selective targets is a typical trend within the Cyber Security industry. For example, at one point, mass phishing emails were all the rage. Attackers would send generic messages to hundreds or thousands of users, hoping that one naïve person would click on a link and help the attacker further their agenda.


$1.1 million in two weeks - Florida cities pay out big to ransomware gangs

Cybercriminals have learnt something very valuable in the last couple of weeks: in order to regain access to their data, cities in Florida are prepared to pay out huge Bitcoin ransoms to hackers. Less than a week after the city of Riviera Beach, 80 miles from Miami, unanimously voted to pay US $600,000 worth of Bitcoins to an extortionist who had locked their IT systems with ransomware, a second city has come to the same decision.


Florida City Pays $600K to Re-Gain Access to Systems After Ransomware Attack

The Florida city of Riviera Beach has agreed to pay cybercriminals who encrypted computer systems with ransomware $600,000 in order to regain access. In a unanimous vote made by the Riviera Beach City Council this week, the city announced that after consulting with hired security experts, they determined the best course of action is to pay off the hackers.