Catch up on the past week's cybersecurity news. 

Malware and ransomware were hot topics this week with headlines from SamSam, combojack, Cryptomix, and WhiteRose attacks, to how ransomware is evolving and where it's now illegal to possess it.  This week also saw a lot of talk about the vulnerability of chat widgets, and the ten popular stores that had data breaches this year. 

  1. The ransomware that hobbled Atlanta will strike again, Via WIRED
    • While dozens of serviceable ransomware programs circulate at any given time, SamSam and the attackers who deploy it are particularly known for clever, high-yield approaches. Though Atlanta won't comment on the details of the current ransomware attack, a City Auditor's Office report from January 2018 shows that the City recently failed a security compliance assessment.
  2. Mass. data breaches hit record high last year, thanks to Equifax, Via Boston Business Journal
    • More than 3.3 million Massachusetts residents — nearly half of the state’s population — were affected by a data breach last year, the vast majority of them because of the massive Equifax Inc. breach, according to state data.
  3. Eleven ways ransomware is evolving, Via CSO
    • Malicious links in email is still by far the most common method to deliver ransomware. As organizations do a better job of educating users not to click on questionable email links, some ransomware perpetrators are shifting tactics. Instead of a link, they use a document attachment that might be a PDF, Microsoft Word, or other common file type.
  4. Cryptocurrency malware combojack targets clipboard data – here’s how to protect yourself, Via Bitcoinist
    • ComboJack embeds itself on user systems as phishing or malspam email. ComboJack will then frequently check the system clipboard for copied cryptocurrency wallet information. If a genuine wallet address is identified, it is then replaced with a hardcoded wallet address presumed to belong to the attacker.
  5. New Michigan law makes possession of ransomware illegal, Via Bleeping Computer
    • On Monday, Michigan Governor Rick Snyder signed two bills into law that criminalize the possession of ransomware "with the intent to introduce it into a computer or computer network without authorization" and punish offenders with a three-year prison sentence, respectively.
  6. If you shopped at these 10 stores in the last year, your data might have been stolen, Via Business Insider
    • At least 10 retailers were hacked and likely had information stolen from them since January 2017. Many of these were caused by flaws in payment systems taken advantage of by hackers including Sonic, Under Armour, Panera Bread and Forever 21.
  7. Live chat widgets leak employee details from high-profile companies, Via Bleeping Computer
    • At least two live chat widgets used on hundreds of high-profile sites are leaking the personal details of company employees. The vulnerable widgets are used on sites managed by Google, Verizon, Spring, Bank of America, PayPal, Orange, Sony, Tesla, Bitdefender, Kaspersky Lab, Disney, and many others.
  8. Cryptomix ransomware receives face lift, Via SC Magazine
    • The malicious actors behind Cryptomix ransomware have pushed out a new variant, with the primary change being the inclusion of a new extension and minor alterations to the contact info and ransom note.
  9. The WhiteRose ransomware is decryptable and tells a strange story, Via Bleeping Computer
    • A new ransomware has been discovered by MalwareHunterTeam that is based off of the InfiniteTear ransomware family, of which BlackRuby and Zenis are members. When this ransomware infects a computer it will encrypt the files, scramble the filenames, and append the .WHITEROSE extension to them.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Use Tech to Mitigate Email Security Issues

Secure Emails: 6 Do’s and Don’…

Secure Emails: 6 Do’s and Don’ts for IT Pros Whet… Read More >

Margot Carmichael Lester

by Margot Carmichael Lester

Mimecast Contributing Writer

Posted Apr 09, 2018

3 Reasons Why You Need Better Backup and Recovery

Using Microsoft Office 365™ or snapshots…

Using Microsoft Office 365™ or snapshots from your archive s… Read More >

Shane Harris

by Shane Harris

Director, Product Marketing

Posted Apr 03, 2018

RSA Conference: So many sessions so little time. Part 2

More RSA Sessions that caught our eye. …

More RSA Sessions that caught our eye. With the abundance o… Read More >

Joanne McSweeney

by Joanne McSweeney

Corporate Events Manager

Posted Mar 23, 2018