Shade Ransomware Takes Crown as Most Distributed Variant

Over the course of 2019, one ransomware variant, known as Shade, has taken over 50 percent of market share for
ransomware delivered via email. Also known as Troldesh, this variant receives
regular updates to further improve its encryption and its methods of generating
additional revenue from both cryptomining and driving traffic to sites that
run ads. In just the first half of 2019, attacks using Troldesh rose
dramatically from 1,100 to well over 6,000 by the second calendar quarter.

PayMyTab Leaves Customer Data Exposed

For more than a year, sensitive customer data belonging to
users of the mobile payment app PayMyTab
has been publicly exposed in an online database using no security protocols.
Even after being contacted multiple times regarding the data breach, the
company has yet to fully secure customer data and may have to take drastic
measures to fully secure their data storage after allowing virtually unlimited
access to anyone with an interest in personal data.

Credentials Dump for Major Service Sites

Login credentials for two highly trafficked websites were
discovered in a data dump earlier this week. One dump belonged to GateHub, a cryptocurrency
wallet with potentially up to 1.4 million user credentials stolen, including
not only usernames and passwords, but also wallet hashes and keys used for
two-factor authentication. The second dump contained information on 800,000
users of EpicBot, a RuneScape bot used to automate tasks in the skill-centric
MMORPG. Both dumps appeared on dark web marketplaces on the same day, and it
also seems coincidental that both sites use bcrypt hashing for passwords, which
should make them exceedingly difficult to crack, assuming it was set up
properly.

Louisiana Government Systems Hit with Ransomware

Multiple Louisiana state service sites were taken offline
early Monday morning following a ransomware attack
that affected mostly transportation services. All 79 of the state’s
DMV locations were forced to close until systems were returned to normal, as
they were unable to access DOT services to assist clients. While it is still
unclear what variant of ransomware was used, the state of Louisiana did have a
cybersecurity team in place to stop any further spread of the infection.

Magecart Targets Macy’s Online

Nearly a week after the initial breach, Macy’s
officials noticed some unauthorized access between their main website and an
undisclosed third-party site. The breach itself appears to have compromised
payment card data for any customers who input their credentials during the
first couple of weeks of October. Macy’s has since removed the illicitly added
code from their sites as well as contacted both payment card providers and
affected customers regarding the breach.

The post Cyber News Rundown: Shade Ransomware Most Distributed Variant appeared first on Webroot Blog.