Welcome to the latest copy of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we analyze the wild world of security.

Ransomware is fast shaping up to be one of the most significant online security threats of our era. And there’s no end in sight.

Although it’s been around for several decades, the first instance of what we now know as ransomware was documented in 1989.

Known as AIDS or the PC Cyborg Trojan, the malware targeted the healthcare sector via floppy disks. It counted the number of times a computer booted, and once this count hit 90, the ransomware encrypted all the files and asked the user to ‘renew their license’ by contacting ‘PC Cyborg Corporation’ and sending $189 or $378 to a post office box in Panama.

Since then these tried-and-tested moneymakers have evolved; they use more convincing phishing lures and they’ve become far more widespread.

Take some recent examples. The University of California, after a NetWalker attack on its systems back in June, negotiated with the hackers for a week before coughing up 116 bitcoin (or $1.14 million). Their initial demand was a $3 million ransom.

According to a McAfee analysis published earlier this month, the NetWalker ransomware gang has netted as much as $25 million since March 2020, with some of the payments made after its expansion to the Ransomware-as-a-Service (RaaS) model.

“Essentially, [RaaS] works as a rental, with a group of hackers renting malware to cybercriminal customers with varying levels of involvement,” Gemini Advisory said in a recent report. “Some may offer just the malware and the decryption keys, while others offer a full package.”

One other worrying trend spotted since last year is “double extortion.” Not content with just encrypting the target’s files, the criminal gangs steal that data before deploying the ransomware, and hold it hostage in the hope that the victims will pay up rather than risk having their information leaked.

In what’s likely another case of NetWalker ransomware last month, the University of Utah ended up paying a $457,000 ransom to “ensure information was not released on the internet,” despite having recovered the encrypted data from backups.

With many of the affected businesses lacking basic security hygiene, the bigger concern is that the increasing spate of ransomware attacks will embolden cybercriminals to raise the stakes even higher.

When travel company CWT was struck by Ragnar Locker ransomware, it settled with the operators for a ransom of 414 bitcoin ($4.5 million).

“It’s a pleasure to work with professionals,” a person working on behalf of the ransomware gang said in a chat after handing over the decryption keys. “However we will keep the chat room and will be here for your support.”

What’s trending in security?

Instagram fixed a flaw that retained photos and private direct messages on its servers even after they were deleted by its users, state-sponsored North Korean hackers targeted the Israeli defense industry, and Ukraine arrested three men who allegedly ran 20 crypto-exchanges and laundered more than $42 million for ransomware gangs.

  • The New Zealand stock exchange (NZX) was knocked offline three days in a row after being hit by a distributed denial-of-service attack. [NZ Herald]
  • A deep-dive into NSO Group, one of the most secretive surveillance companies in the world and the maker of Pegasus mobile spyware. The company has courted controversy for selling the tool to governments which have abused Pegasus to track human rights activists and journalists around the world. [MIT Technology Review – Part I / Part II]
  • Criminals are using so-called Russian SIMs, or “white” SIMs, to spoof phone numbers and add voice manipulation to calls in real-time. [Motherboard]
  • Researchers detailed widespread flaws in the mesh messaging service Bridgefy that could let attackers deanonymize users and read messages. [Ars Technica]

  • Joe Sullivan, Uber’s former security chief who currently serves as Cloudflare’s security head, was charged with attempting to conceal a massive data breach that saw hackers steal 57 million user accounts of Uber drivers and passengers. [The New York Times]
  • The NSA and FBI uncovered a new Russian GRU-built, Linux-based hacking tool, called Drovorub, capable of carrying out cyber espionage operations. The US Cybersecurity and Infrastructure Security Agency (CISA) detailed BLINDINGCAN, a strain of malware that has been deployed by North Korean government hackers targeting the military defense and aerospace sectors. [NSA / CISA]
  • With Twitter becoming the latest victim of “phone spearphishing,” the FBI and CISA warned of an ongoing voice phishing (or vishing) campaign targeting remote workers in the US, aimed at stealing login credentials for corporate networks/VPNs. [Brian Krebs]
  • More than half of foreign cyberattacks against China in 2019 originated in the US (53.5%), according to China’s Computer Emergency Response Team. Russia and Canada came second and third. [South China Morning Post]

  • Malicious Xcode developer projects for macOS are being used to spread the XCSSET suite of malware, which comes with capabilities to hijack Safari web browsers and inject various malicious payloads that can steal passwords, banking data and personal information, and deploy ransomware. [Trend Micro]
  • Last year, GitHub launched a new Security Lab to secure open-source software. Now the company, along with Google, IBM, JPMorgan Chase, Microsoft, and Red Hat, has joined hands to form the Open Source Security Foundation with the aim of improving the security of open-source software. [OpenSSF]
  • The US warned of an ongoing government-led hacking campaign by North Korean hackers it calls “BeagleBoyz” focused on stealing millions from ATMs around the world. [CISA]
  • By exploiting a flaw in IoT connectivity chips, IBM’s team of researchers uncovered a way to bypass security checks to access embedded data in millions of IoT devices. The vulnerability was fixed in February of this year. [IBM]
  • The fortnight in data breaches, leaks and ransomware: Carnival Corp, Cense.AI, Experian South Africa, Freepik, Moneed, RailYatri, and Utah Gun Exchange.

Data Point

According to Symantec’s Threat Landscape Trends report for the second quarter of 2020, browser-based cryptocurrency mining — also known as cryptojacking — increased by a whopping 163% compared to the previous quarter. “This spike in activity coincides with an increase in the value of cryptocurrencies, including Bitcoin and Monero, which are two currencies often mined by browser-based coinminers,” the report said.

Tweet of the week

Tesla CEO Elon Musk apologized for being “embarrassingly late” to the two-factor authentication (2FA) game. Better late than never!

That’s it. See you all in two weeks. Stay safe!