Information Security News
A provider of end-to-end encrypted e-mail said it paid a ransom of almost $6,000 to stop highly advanced denial-of-service attacks that knocked its networks, and the networks of some of its upstream providers, offline.
In a blog post published Thursday, officials of Switzerland-based ProtonMail said they "grudgingly agreed" to pay 15 bitcoins, which at current valuations came to about $5,850, to the attackers in exchange for them halting the assault. Even after paying the sum, however, crippling attacks continued, although at the time the blog post was being written, they had subsided. The ransom payment is generating protest from critics who say it will only encourage more attacks. ProtonMail officials wrote:
We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack.
The campaign began shortly after midnight on Tuesday, when ProtonMail received an extortion e-mail from a group of criminals said to be responsible for a string of DDoS attacks across Switzerland over the past few weeks. The message was soon followed by a distributed denial-of-service attack that lasted for about 15 minutes. The attack resumed at 11 a.m. the same day and was already showing "an unprecedented level of sophistication." By 2 p.m., the flood of junk traffic reached volumes of 100 gigabits per second and began targeting ProtonMail's datacenter and upstream providers, including routers in Zurich, Frankfurt, and other locations where the ISP has nodes.
Ransomware that uses strong cryptography to hold entire hard drives' worth of data hostage keeps getting nastier, as criminals attempt to find new ways to extort more people into paying increasingly hefty ransoms to recover their files.
A case in point is Chimera, a relative newcomer to the crypto ransom racket that targets primarily businesses. In an attempt to turn up the pressure on infected victims, the malware threatens to publish their pictures and other personal data somewhere on the Internet unless a ransom of $638 in bitcoins is paid. There's no evidence yet that the new cryptoware title has made good on the threat to post victims' private data online, but it's a likely bet the prospect is enough to convince some undecided victims to go ahead and pay the fee.
The threat, according to a blog post published Tuesday, comes only after the cryptoware has encrypted data stored not only on local hard drives but also on network drives. To add drama to the attack, all file extensions are changed to .crypt. Chimera is also programmed to target specific employees within an infected company, presumably to make sure the ransom demand doesn't get missed.
Posted by InfoSec News on Nov 05: http://www.defenseone.com/threats/2015/11/us-still-doesnt-know-whos-charge-if-massive-cyber-attack-strikes-nation/123377/
Posted by InfoSec News on Nov 05: http://www.computing.co.uk/ctg/news/2433469/protonmail-taken-down-by-extremely-powerful-ddos-attack
Posted by InfoSec News on Nov 05: http://www.businessinsider.com/facebooks-head-of-security-alex-stamos-biggest-concern-is-android-2015-11
Posted by InfoSec News on Nov 05: http://www.timesofisrael.com/iran-said-to-step-up-cyber-attacks-on-us-officials/
Posted by InfoSec News on Nov 05: http://www.thedailybeast.com/articles/2015/11/04/pentagon-farmed-out-its-coding-to-russia.html
Posted by InfoSec News on Nov 05: http://www.ft.com/intl/cms/s/0/89a0137a-82b1-11e5-8095-ed1a37d1e096.html
Posted by InfoSec News on Nov 05: http://www.canberratimes.com.au/act-news/canberra-aps-worker-jailed-for-leaking-top-secret-documents-20151104-gkr7tz.html