A new ransomware strain with a trick, a warning for Azure Cosmos administrators and more on the T-Mobile hack
Welcome to Cyber Security Today. It’s Monday August 30th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
A new strain of ransomware uses a trick to evade detection. According to cybersecurity company Sophos, instead of encrypting all the bytes of a file the LockFile strain only scrambles every 16 bytes of a file. That way the partly encrypted files look similar to the uncompromised original file. As a result, it evades the statistical file analysis some ransomware protection applications perform when comparing files. It’s not the only ransomware strain that does this. But what sets LockFile apart is it encrypts every other 16 bytes of a file. Sophos calls this intermittent encryption. IT security teams need to make sure their defensive software can meet this challenge.
Meanwhile the news site The Record reports the gang behind the Ragnarok ransomware has shut operations and released a free decryption utility that victims can use to get their data back.
Chains of threat actor-controlled computing devices called botnets help attackers distribute malware. According to a news report, one of them has suddenly shut. Those behind the botnet distributing the Phorpiex malware are selling the source code. The bad news is if a threat actor buys the code the botnet can be re-activated.
Organizations with employees using Microsoft’s Azure Cosmos database with the Jupyter Notebook feature enabled need to take certain security precautions. This comes after researchers reported a vulnerability that could allow an attacker to get into accounts. Microsoft says it has fixed the vulnerability. But it also says IT departments have to regenerate the primary security keys for the application. According to the company that discovered the problem, every organization that uses Azure Cosmos DB should assume their data has been exposed. It estimates there are thousands of organizations affected, including some in the Fortune 500. There’s a link to the Microsoft report here.
Has sportswear maker Puma been hacked? That’s the question after an ad on the criminal…