PINDROP BLOG

Category: Device Security

July 5, 2017
Ukrainian Police Seize Servers in NotPetya Investigation
UPDATE–Police in Ukraine have confiscated several servers from the software company that develops the M.E. Doc accounting software that is believed to have been an unwitting part of the distribution process for the NotPetya ransomware. Soon after the emergence of NotPetya last week, security researchers from several organizations zeroed in on the update mechanism for the…
Read More →
July 3, 2017
NATO: NotPetya Likely the Work of State Attackers
The NotPetya ransomware that hit thousands of computers last week likely was created and launched by state-sponsored attackers, according to a new analysis by security experts at NATO. Based on the complexity and estimated cost of the operation, analysts at NATO’s Cooperative Cyber Defense Center of Excellence concluded that NotPetya either was the work of…
Read More →
June 30, 2017
New Windows 10 Feature Aims to Halt Ransomware
Microsoft is aiming to change the success rate of ransomware with a new security feature in Windows 10 that will define a set of folders that can only be accessed by approved apps. The feature is included in the latest interim build of Windows 10 and it comes at a time when large-scale ransomware campaigns such…
Read More →
June 28, 2017
Petya-Derived Ransomware Is Acting Like Shamoon
UPDATE–Security researchers are continuing to delve into the details of the latest ransomware outbreak, and have found that the ExPetr ransomware has a number of interesting characteristics that separate it from other variants and raise questions about its purpose. The ExPetr or NotPetya ransomware shares some code and behavior with the older Petya ransomware, but researchers…
Read More →
June 27, 2017
Petya-Like Ransomware Hits Companies Across Europe
A fast-moving ransomware attack has hit a number of companies in several European countries and the United States, the second such widespread ransomware outbreak in as many months. The attack was originally thought to be a new variant of the Petya ransomware, but researchers have said that it appears to be an entirely new ransomware strain. There…
Read More →
June 23, 2017
Flaws in MatrixSSL Leave IoT Devices Open to Attack
Researchers have discovered several flaws in the MatrixSSL TLS stack used in IoT devices, two of which could let an attacker execute arbitrary code on a vulnerable device. MatrixSSL is a small TLS/SSL stack that’s designed for use in embedded systems and other constrained environments. The software can run in low-memory environments, which has made…
Read More →
June 22, 2017
WannaCry Still Causing Trouble a Month On
More than a month after the WannaCry ransomware began making its way through networks around the world, the worm still is causing serious trouble in some places. Honda this week had to shut down an auto assembly plant temporarily due to a WannaCry infection, and the ransomware also has hit traffic cameras in Australia. Officials…
Read More →
June 21, 2017
Malvertising Campaign Tied to Ransomware Attack on UK Universities
The mobile ransomware infections that hit a number of universities in the U.K. recently have been traced back to a malvertising network and the Astrum exploit kit. The attacks against several universities, including University College London, emerged last week and initially there were fears that they were connected to the WannaCry ransomware outbreak. But researchers at…
Read More →
June 20, 2017
South Korean ISP Nayana Pays $1M Ransom to Decrypt Servers
An ISP in South Korea that was hit with a deep ransomware infection in recent days has agreed to pay more than $1 million to recover access to its encrypted data. The company, Nayana, said that it had been hit with the Erebus ransomware about 10 days ago, and spent several days trying to recover…
Read More →
June 14, 2017
FBI Seeks $21M to Counter Encryption
The FBI is asking for more than $20 million in the 2018 fiscal year budget to counter what the bureau sees as the threat of encryption, both in devices and in real-time communications tools such as text or voice apps. The request is part of the Department of Justice’s proposed budget for the next fiscal…
Read More →