Tag Archive for: Attack

Ransomware attack cancels NMHU classes through April 14

/in


LAS VEGAS, N.M. — New Mexico Highlands University officials canceled classes through April 14 as they’re still dealing with a ransomware incident.

Officials say the incident took systems offline and prompted an ongoing investigation. Several systems are still offline, including the MyNMHU portal.

The university is working to restore its systems “as quickly and as safely as possible.” They will provide updates on when classes will resume.

Faculty will work with each class to determine the best way to complete it. However, classes won’t extend beyond the scheduled end date. The graduation process and commencement ceremony will also happen as originally scheduled.

To stay updated, click here.

Source…

Highlands University cancels more classes after ransomware attack – Santa Fe New Mexican

/in



Highlands University cancels more classes after ransomware attack  Santa Fe New Mexican

Source…

An AI Chatbot May Have Helped Create This Malware Attack

/in


A hacking group has been spotted possibly using an AI program such as ChatGPT, Google’s Gemini, or Microsoft Copilot to help refine a malware attack. 

Security firm Proofpoint today published a report about the group, dubbed “TA547,” sending phishing emails to businesses in Germany. The emails are designed to deliver the Windows-based Rhadamanthys malware, which has been around for several years. But perhaps the most interesting part of the attack is that it uses a PowerShell script that contains signs it was created with an AI-based large language model (LLM).

Hackers often exploit PowerShell since it’s a powerful tool in Windows that can be abused to automate and execute tasks. In this case, the phishing email contains a password-protected ZIP file, that when opened, will run the hacker-created PowerShell script to decode and install Rhadamanthys malware on the victim’s computer. 

While investigating the attacks, Proofpoint researchers examined the PowerShell script and found “interesting characteristics not commonly observed in code used” by human hackers, the company wrote in a blog post.  

What stuck out was the presence of the pound sign #, which can be used in PowerShell to make single line comments explaining the purpose of a line of computer code

Image of the powershell script code

(Credit: Proofpoint)

“The PowerShell script included a pound sign followed by grammatically correct and hyper specific comments above each component of the script. This is a typical output of LLM-generated coding content, and suggests TA547 used some type of LLM-enabled tool to write (or rewrite) the PowerShell, or copied the script from another source that had used it,” Proofpoint says.

Indeed, if you ask ChatGPT, Copilot, or Gemini to create a similar PowerShell script, they’ll respond in the same format, placing pound symbols along with an explanation. In contrast, a human hacker would probably avoid such comments, especially since their goal is to disguise their techniques.

Recommended by Our Editors

ChatGPT placing the pound symbols

(Credit: ChatGPT)

Still, Proofpoint can’t definitively say TA547 created the PowerShell script with the help of an AI chatbot. Nevertheless, the case illustrates how cybercriminals can harness…

Source…

Ransomware attack delaying Jackson County, Missouri home sales

/in


INDEPENDENCE, Mo. — She fought for our country. But now a ransomware attack reportedly carried out by Russians has a local veteran whose disabled fighting to be able to sell her home.

It’s the latest effect from a cyber security breach in Jackson County last week.


Jackson County’s website says offices will remain closed at the Historic Truman Courthouse in Independence Wednesday.

A ransomware attack last Tuesday has closed the Jackson County Recorder of Deeds, Assessment and Collections Office. The county said Monday its making progress on restoration and system recovery. But for some that progress can’t come soon enough.

“It’s had a huge impact on our buyers and sellers in particular,” United Real Estate Kansas City Broker Marta Grace said.

The buyer of Jae Ramsey’s Independence home was hoping for an early closing.

“They told me to get out by April 1st, so I said OK, I did,” she said.

She hired movers with closing originally set for April 4, two days after that ransomware attack.

“They had like ten people in my house taking everything. I have no idea what I even have anymore,” Ramsey said.

Now she’s living with a relative waiting for proceeds from the sale of her home now set to close Thursday. But there’s no indication whether the Recorder of Deeds will open by then or how quickly they’ll get through at least a weeks worth of work missed.

“They are unable to close so the lenders won’t fund. They won’t lend you the money if they cannot record it with the county,” Grace explained.

“Primarily it’s we don’t know when they are going to get to close that’s caused the confusion and kind of a catastrophe,” TG Homes in the Heartland Owner Tina Groumoutis said.

Contracts to sell homes have expiration dates to close by. In Ramsey’s case that deadline is quickly approaching.

“He could very well get cold feet and say I don’t know what’s going on over there, but I’m good I’ll find something else,” Groumoutis said of the…

Source…