
Cyber News Rundown: Cyberattack shuts down Washington court system

  • November 15, 2024
  • Threat Research Analyst

Over the weekend, staff for the Washington state court system identified that a cyberattack was targeting their network and were forced to take it offline to minimize potential damage. While many of the municipal courts have some basic functionality and can continue with court proceedings, others will remain completely out of operation until the investigation into this incident is concluded.

Operation Synergia II takes thousands of malicious IP addresses offline

A recent global law enforcement operation, known as Operation Synergia II, has successfully taken down more than 22,000 malicious IP addresses that have been used in a variety of phishing and ransomware campaigns around the world. Law enforcement agencies across 95 Interpol countries were involved in seizing servers and identifying nearly 100 suspects that are directly involved with these malicious campaigns, with 41 being taken into custody during the operation.

GoZone ransomware uses old ransom tactics

Researchers have been tracking a relatively new ransomware variant written in the Go programming language, GoZone ransomware. It stands out from other variants by leaving an excessive amount of ransom notes throughout the victim’s system directories that have been encrypted, and only demanding a $1,000 Bitcoin ransom for a decryption key. The ransom notes pull tactics from much older versions of ransomware by stating that the PC has been locked due to a discovery of illicit content on the victim device and demanding payment to regain access.

Rhysida ransomware claims attack on Columbus, Ohio

Following a ransomware attack on the City of Columbus, Ohio in July, the threat actors behind the Rhysida ransomware group have claimed responsibility for the attack and published 3.1TB of stolen data to their leak site. Officials for the City of Columbus have also taken legal action against the security researcher who initially disclosed this incident, as the officials had significantly understated the impact of this incident, and the researcher confirmed that the attack contained extremely sensitive data for more than half of the city’s population.

SteelFox malware campaign exploits unpatched driver vulnerability

Researchers have been following the rise of a new malware bundle dropper, SteelFox, which enters systems through an unpatched vulnerability in system drivers. Once SteelFox is on the system, it can exploit additional vulnerabilities to access administrative privileges and then start hunting for stored payment card data and executing a cryptocurrency miner on the victim device.


3 replies

Jasper_The_Rasper
Moderator

Thank you @ConnorM, as always.


TripleHelix
Moderator
  • November 15, 2024

Thanks @ConnorM 😎


ProTruckDriver
Moderator

Thank you Connor.

