Dharma Ransomware Employs Diversion Tactics
Researchers recently discovered a new Dharma ransomware variant that displays an ESET
AV removal screen once launched, in order to divert the victim’s attention
from the silent encryption taking place in the background. Initially dropped by an email spam
campaign, the payload arrives as a password-protected zip archive, with the
password provided in the body of the email to entice curious readers into opening it. In
addition to the ESET removal instructions, the archive also contains a
traditional ransom demand with instructions for purchasing and transferring Bitcoin.
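A mail gateway cannot inspect what is inside a password-protected archive, but it can tell that it is one: bit 0 of the general-purpose flag field in every ZIP local file header marks an encrypted entry. The following is an added example, not code from the original post or from the researchers it cites; it walks those headers and flags such attachments for quarantine. The archive it checks is constructed in place, and the file names inside it are hypothetical.

```python
import io
import struct
import zipfile

LOCAL_HEADER_SIG = b"PK\x03\x04"
# Fields that follow the 4-byte signature in a local file header (26 bytes):
# version, flags, method, mtime, mdate, crc32, csize, usize, name_len, extra_len
LOCAL_HEADER_FMT = "<HHHHHIIIHH"
FLAG_ENCRYPTED = 0x0001       # bit 0: entry is encrypted (ZipCrypto or AES)
FLAG_DATA_DESCRIPTOR = 0x0008  # bit 3: sizes live in a trailing data descriptor


def _walk_local_headers(data: bytes):
    """Yield (offset, flags, name) for each local file header in a ZIP blob."""
    pos = data.find(LOCAL_HEADER_SIG)
    while pos >= 0 and pos + 30 <= len(data):
        (_ver, flags, _method, _mtime, _mdate, _crc, csize, _usize,
         name_len, extra_len) = struct.unpack_from(LOCAL_HEADER_FMT, data, pos + 4)
        name = data[pos + 30:pos + 30 + name_len].decode("utf-8", "replace")
        yield pos, flags, name
        # Skip the header, name and extra field, and (when the sizes are recorded
        # in the header rather than in a data descriptor) the compressed payload,
        # so a stray signature inside the payload is not taken for a new entry.
        pos += 30 + name_len + extra_len
        if not flags & FLAG_DATA_DESCRIPTOR:
            pos += csize
        pos = data.find(LOCAL_HEADER_SIG, pos)


def zip_entries(data: bytes):
    """Return [(name, encrypted), ...] for every local file header found."""
    return [(name, bool(flags & FLAG_ENCRYPTED))
            for _off, flags, name in _walk_local_headers(data)]


def should_quarantine(data: bytes) -> bool:
    """Gateway policy: hold any attachment with at least one encrypted entry."""
    return any(encrypted for _name, encrypted in zip_entries(data))


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample archive (hypothetical names, not the real lure).

    Python's zipfile cannot write encrypted archives, so for the encrypted
    variant the flag bit is set by hand in each local header. The payload is
    not really encrypted, which is enough to exercise the check above.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ESET_removal_instructions.exe", b"MZ" + b"\x90" * 64)
        zf.writestr("HOW_TO_DECRYPT.txt", b"constructed ransom note")
    data = bytearray(buf.getvalue())
    if encrypted:
        for off, flags, _name in list(_walk_local_headers(bytes(data))):
            struct.pack_into("<H", data, off + 6, flags | FLAG_ENCRYPTED)
    return bytes(data)


if __name__ == "__main__":
    for label, blob in (("plain", build_sample(False)), ("password-protected", build_sample(True))):
        print(label, zip_entries(blob), "quarantine:", should_quarantine(blob))
```

The check reads only the local headers, so it works on a truncated attachment and does not depend on the central directory being intact. It is one signal rather than a complete filter: a sender can nest the archive inside another container or switch to 7z or RAR, so pair it with a rule that holds any archive whose password appears in the same message.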
Binance Crypto-Exchange Hacked
At least 7,000 Bitcoin were illicitly withdrawn from the hot
wallet of Binance,
an international cryptocurrency exchange, in a single transaction. By
compromising user API keys and bypassing two-factor authentication, the
attackers were able to access the wallet and steal roughly $41 million worth of
Bitcoin. The complete details of the breach are still unknown.
Global Malvertiser Sentenced in US
A man who operated several fake companies that distributed hundreds
of millions of malicious
ads across the globe has been arrested and is facing charges after his extradition
to the U.S. For nearly five years, Mr. Ivanov and his co-conspirators created
dozens of malvertising campaigns, usually starting a new one immediately after
the previous one was flagged by a legitimate ad network. While this is not the
only case of malvertising campaigns causing chaos on the web, it is one of the
first to result in actual indictments.
Robbinhood Ransomware Shuts Down Two US Cities
Both Baltimore City Hall and the city of Amarillo, Texas,
fell victim to a variant of Robbinhood
ransomware this week. Following the attack,
citizens of both cities will find online bill payment options temporarily
offline while staff work to restore networks that were damaged or disconnected to
stop the spread of the infection. This is the second cyber attack to hit each
city within the past year, with Potter County, Texas recovering from a
similar attack just a couple of weeks ago. Neither city has released further
information on the ransom amount or when the attack began.
Freedom Mobile Exposes Payment Credentials
An unencrypted database containing millions of customer
records for Freedom
Mobile, a Canadian telecom provider, was discovered to be freely
accessible to the public. While the database was secured in less than a week, the
time it was left accessible to criminals is cause for concern. The data
contained full payment card information, essentially everything a
criminal would need to commit identity fraud against millions of people. Though
Freedom Mobile claims that only 15,000 customers were affected, the incident calls into question the
practices used to store their sensitive data.