Symantec Threat Landscape Bulletin - November 27, 2020

Symantec Threat Landscape Bulletin - November 27, 2020


Threat Hunter TeamSymantec




Fertility treatment provider hit by ransomware 
One of the U.S.’s largest fertility treatment providers was hit with a ransomware attack in September, which took a number of its systems offline. US Fertility, which operates 55 facilities across 10 states, said it had been attacked on September 14. “Data on a number of servers and workstations connected to our domain had been encrypted by ransomware,” it said.
An investigation into the attack found that the attackers stole data before encrypting computers. The company described it as a “limited number of files” containing names, addresses, dates of birth, MPI numbers, and Social Security numbers.
The U.S. government has recently warned of Ryuk targeted ransomware attacks against healthcare providers, but it hasn’t been confirmed if Ryuk was behind this incident.
In other news, electronic equipment maker Canon has confirmed that ransomware was behind a cyber attack it experienced in August. At the time, the company experienced severe outages, with media reports suggesting the Maze ransomware gang was behind the attack.
Canon has now said that the attackers stole data on current and former employees prior to encryption, including names, Social Security numbers, dates of birth, driver's license numbers or government-issued IDs, bank account details, and electronic signatures.
 

Botnets drop banking Trojans, start distributing ransomware instead 
Botnets are ditching banking Trojans in favour of distributing ransomware, according to researchers from Group-IB.
At its recent CyberCrimeCon 2020 virtual conference, the security company said that the four largest banking botnets run by Russian speakers - Trickbot, Dridex, Qbot, and Silent Night - have shifted from distributing banking Trojans to distributing ransomware.
This is unsurprising wh ..

Support the originator by clicking the read the rest link below.