Tag Archive for: February

Nokia 5.3 now on February security patch


Nokia 5.3 has also joined the club of Nokia devices with the February security update. The patch is 14.47 MB in size, which means that not so many things have been revisited or serviced. The update should be available globally, since many of you tipped us and sent us a screenshot, for which I’m grateful.

Do check your device and download the update.

Update tracker

Source…

The Week in Ransomware – February 26th 2021



The number of attacks had slowed down after the winter holidays, but after the past two weeks, it’s evident that the ransomware attacks are back at full speed.

Over the past two weeks, we had some significant attacks, including attacks on Discount Car and Truck Rentals, an alleged attack on Kia Motors/Hyundai, UL, TietoEVRY, Ecuador’s Ministry of Finance, and its largest bank, Banco Pichincha.

A recent ransomware attack at Automatic Funds Transfer Services (AFTS) also led to a series of data breach notifications from US cities that used them as a payment processor.

Finally, Mandiant reported that recent Accellion FTA breaches had been conducted by hackers affiliated with the Clop ransomware operation.

In a win for law enforcement, an operation between the USA, France, and Ukraine has led to numerous Egregor members’ arrests, practically shutting down the ransomware operation.

On the technical side, we learned that Ryuk now has worm-like functionality allowing it to spread to other Windows devices.

Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @PolarToffee, @DanielGallagher, @LawrenceAbrams, @demonslay335, @VK_Intel, @BleepinComputer, @Ionut_Ilascu, @malwareforme, @fwosar, @Seifreed, @struppigel, @serghei, @malwrhunterteam, @FourOctets, @chum1ng0, @cyb5r3Gene, @Mandiant, @CISecurity, @JakubKroustek, @coveware, @fbgwls245, @c3rb3ru5d3d53c, @Amigo_A_, @petrovic082, @siri_urz, and @1ZRR4H.

February 13th 2021

CD Projekt’s stolen source code allegedly sold by ransomware gang

A ransomware gang who says they stole unencrypted source code for the company’s most popular games and then encrypted CD Projekt’s servers claims to have sold the data.

Leading Canadian rental car company hit by DarkSide ransomware

Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.

Tortoise ransomware decryptor released

Cerberus released a decryptor for the Tortoise Ransomware.

February 14th 2021

Egregor ransomware affiliates arrested by Ukrainian, French police

A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests…

Source…

POCO M2 Pro receives February 2021 security patch, no sign of Android 11


POCO made its return last year, but not as we expected. So far, the brand has announced a bunch of devices, but just two of them are original phones (POCO X3 and POCO M3), and they came at the end of the year. On its return, the brand brought rebrandings of existing Xiaomi devices. The POCO X3 and POCO F2 Pro were mere rebrandings of popular Redmi phones. The POCO M2 and M2 Pro, which are exclusive to the Indian market, are basically “clones” of two other devices that are also available in India: the Redmi 9 and the Redmi Note 9 Pro Max, respectively. It was a weird choice to launch devices that are just too similar, but still, they are selling quite well. The brand is also providing decent support for its POCO handsets. Hopefully, things will improve this year and POCO will become a more independent company that launches original phones rather than rebrandings. For owners of the POCO M2 family in India, we have good news. The brand is rolling out the February 2021 security patch for the POCO M2 Pro.

A new update that is all about bringing the latest Android security patch

The POCO M2 Pro is receiving a new OTA update that seems to include only the Android security patch from February 2021. The update has a size of 587MB and unfortunately is still based on Android 10. If there are other improvements or fixes included in this update, the changelog decided to keep them a secret. So far, the changelog seems to be quite positive across the user community.


Xiaomi is doing a great job so far with the POCO M2 series in India. The company rolled out major MIUI 12 updates back in September, and it is now rolling out the MIUI V12.0.3.0 builds in India. This lineup was born in India and reached the global markets with the POCO M3. The latter is an original smartphone with a nice package of specifications. It was released in India earlier this month.

POCO M2 Pro specifications

As far as the POCO M2 Pro is concerned, it is quite similar to the Redmi Note 9 Pro Max released in India. The device flaunts a 6.67-inch LCD with FHD+ resolution. Under the hood, it is powered by the Qualcomm Snapdragon 720G with up to 6GB of RAM and 128GB of storage. The device has a quad-camera array…

Source…

The Week in Ransomware – February 12th 2021



This week we saw another ransomware shut down its operation and a significant attack against Cyberpunk 2077 game developer CD Projekt Red.

Another operation known as Ziggy Ransomware shut down this week and released the decryption keys for victims. This shut down was due to increased concern about law enforcement action after the disruption and arrests in the Netwalker Ransomware operation.

We also saw a major attack against game developer CD Projekt Red from a ransomware group called HelloKitty. During this attack, the threat actors claimed to have stolen the alleged source code for the Witcher 3 and Cyberpunk 2077 games, which threat actors later put up for auction on a hacker forum.

Contributors and those who provided new ransomware information and stories this week include: @fwosar, @BleepinComputer, @jorntvdw, @DanielGallagher, @Seifreed, @serghei, @LawrenceAbrams, @malwrhunterteam, @demonslay335, @Ionut_Ilascu, @FourOctets, @malwareforme, @struppigel, @VK_Intel, @PolarToffee, @JakubKroustek, @M_Shahpasandi, @vxunderground, @BrettCallow, @chum1ng0, @Kangxiaopao, @Amigo_A_, @Intel_by_KELA, and @danusminimus.

February 7th 2021

Ziggy ransomware shuts down and releases victims’ decryption keys

The Ziggy ransomware operation has shut down and released the victims’ decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims.


Albany ransomware attack threatens criminal cases

The 2019 ransomware attack on the city’s servers is now potentially affecting criminal cases after it was revealed that the city police department lost all digital copies of its 2018 internal affairs files.

New DarkWorld ransomware

xiaopao found a new ransomware called DarkWorld that appends the .dark extension and drops a ransom note named import.txt.


New Tortoise ransomware

Danus found the new Tortoise Ransomware that appends the .tortoise extension but does not appear to actually encrypt anything.

February 8th 2021

New DaddyCrypt JCrypt variant

xiaopao found a new JCrypt ransomware variant called DarkWorld that appends the .daddycrypt extension and drops a ransom note named _RECOVER__FILES__.daddycrypt.txt.

February 9th 2021

New Dharma…

Source…