Ransomware “goodwill” and arrested cybercriminals (Week 22)

Security researchers have uncovered ransomware that forces victims to perform socially beneficial activities. The director of the US NSA has publicly acknowledged the involvement of US military hackers in the Ukraine conflict, and widespread activity by the international security community has led to multiple arrests, infrastructure seizures, and convictions.

Ransomware to help the underprivileged

Researchers at CloudSEK have uncovered a new ransomware family that asks victims to perform socially beneficial activities in exchange for decryption keys. The ransom notes included prompts to donate clothes and blankets to the homeless. The victim was to film their “act of charity” and post it on social media, with a call for their contacts to do the same. The victim was then to send the footage and social media links to the attackers for review.

Ransomware attack on Foxconn

The Mexican branch of electronics manufacturer Foxconn was the target of a Lockbit ransomware attack. The company said production is resuming and the attack had minimal impact on production capabilities. Cybercriminals managed to steal as yet unspecified company data and are threatening to make it public.

Ransomware attack on Nikkei Publishing

Nikkei Publishing, which employs more than 1,500 journalists and has more than 4 million subscribers, was the target of a ransomware attack. The company responded to the attack by immediately shutting down the infected server. The compromised server “likely” contained customer data, and its potential leak is under investigation.

Fake VPN app

SideWinder, a cybercrime group focused on attacks against Pakistani organizations, has started distributing a fake Android VPN service. That the campaign targets only Pakistan is evidenced by the script the cybercriminals use to filter victims. The Pakistani government responded by publishing a targeted warning.

US involvement in the cyber war in Ukraine

The director of the National Security Agency (NSA) in the US has said that US military hackers are directly involved in the conflict between Russia and Ukraine. Speaking to Sky News, he said, “We have conducted a series of operations across the spectrum: offensive, defensive and information.” He did not define the operations themselves, but added that the interventions were lawful and carried out under civilian supervision.


  • The U.S. Department of Justice seized 3 domains used by cybercriminals to sell data from more than 10,000 stolen databases and to market DDoS attacks,
  • Europol, in cooperation with the security forces of 11 countries, including Austria and Hungary, successfully shut down and seized the infrastructure of the FluBot mobile malware,
  • Interpol successfully arrested 3 Nigerian cybercriminals using the Agent Tesla malware, one of whom has already been sentenced to 12 months in prison,
  • Interpol also successfully arrested a person accused of leading the SilverTerrier cybercrime group,
  • in the US, a member of a cybercrime organisation responsible for $568 million in damages was sentenced to 4 years in prison,
  • the authorities of the Austrian state of Carinthia were targeted by the BlackCat ransomware group. The ransomware hit 3,000 systems and the group is demanding $5 million for decryption keys,
  • ExpressVPN removed servers in India after refusing to comply with regulations to record the real names, contact details and assigned IP addresses of its users for at least 5 years.
