Cyware Daily Threat Intelligence, October 16, 2020

Time is of the essence after a ransomware attack, and having a suitable decryption key can bring major relief in such cases. In a similar vein, researchers have now unveiled the decryption key for MamoCrypt ransomware, which was discovered last year. A variant of MZRevenge, the ransomware leverages the AES 128 CBC and Twofish 128 NOFB algorithms to encrypt victims’ files.

However, there are still several ransomware strains for which researchers are yet to find decryption keys. One such ransomware is Egregor. The operators behind the ransomware have allegedly hacked and leaked data from the gaming companies Ubisoft and Crytek in order to extract a ransom from them.

Top Breaches Reported in the Last 24 Hours

Firefighting department attacked
Puerto Rico’s firefighting department disclosed that its database has been hacked and the attackers are demanding $600,000 in an act of alleged extortion. The department has notified the police, who are currently investigating the matter.

3 million card numbers dumped
A hacker has been found selling 3 million payment card numbers used at Dickey’s Barbecue Pit on the Joker’s Stash dark web forum. The data appears to have been compromised between July 2019 and August 2020. The data is being sold for a median price of $17 per card.

Ubisoft targeted
Ubisoft and Crytek have allegedly fallen victim to an Egregor ransomware attack. It is still unclear how the actors got access to the systems. Meanwhile, the ransomware gang has threatened to leak the source code of an upcoming Ubisoft game if its ransom demand is not met.

Top Malware Reported in the Last 24 Hours

Decryptor for MamoCrypt ransomware
A decryption key for MamoCrypt ransomware, a variant of MZRevenge, has been released recently. The ransomware uses AES 128 CBC and Twofish 128 NOFB algorithms to encrypt files.

COVID-19 vaccine phishing
People in the U.S. and the U.K. have been alerted about an ongoing phishing attack themed around the Oxford coronavirus vaccine. The attack is suspected to be propagated by Russian hackers in the form of phishing emails with subject lines saying “Beware of the Oxford COVID-19 Vaccine” or “Beware of the Oxford Corona Virus Vaccine”. Researchers believe that the attack is meant to distribute malware.

Top Vulnerabilities Reported in the Last 24 Hours

Magento flaws fixed
Adobe has disclosed two critical flaws, six important-rated errors, and one moderate-severity vulnerability plaguing the Magento platform. The two critical flaws can lead to remote code execution. One of them stems from the application not validating full filenames when using an “allow list” method to check file extensions. The second one is a SQL injection vulnerability.

Top Scams Reported in the Last 24 Hours

QR code scam
QR code scams are making the rounds during the pandemic. One of the easiest ways to trick users is through clickjacking. Another trick is the small advance payment scam. Phishing links can, moreover, be disguised as QR codes. As a result, phishers can empty bank accounts without users being aware.

Posted on: October 16, 2020
