Ukraine continues investigation into December's attack on its power grid, now thought to have been long-prepared, with reconnaissance beginning some six months earlier. Latest statements from Ukrainian officials offer more evidence of a Russian connection — Russian ISP, phone calls from within Russia — but stop short of attribution to the Russian organs.
Palo Alto looks at Fysbis, Linux malware widely used by the Sofacy group (a.k.a. APT28 or Sednit, and believed to be connected to Russia). Fysbis is thought to succeed because of what Palo Alto characterizes as businesses' underdeveloped awareness of Linux malware.
ESET describes how criminals used Corkow malware to manipulate Energobank's currency trading platform. Corkow is described as both evasive and capable, but it's unclear how its masters profited from their attack. Not directly, but they may have traded in futures markets or enabled profitable third-party speculation. Or the incident may have been a trial run.
Los Angeles' Hollywood Presbyterian Hospital works to recover from an unusually tough-to-remediate ransomware attack. (Pricey, too, with a $3.6 million ransom.)
Some good ransomware news: Emsisoft decrypts HydraCrypt and UmbreCrypt.
Securities markets have given cyber companies a rough ride recently, but Forbes thinks fears of a cyber security bear market are wildly overblown. New growth is forecast after the correction. Barron's looks at the US Federal budget and sees "tailwinds" for security companies, notably FireEye, Imperva, Fortinet, Proofpoint, Palo Alto Networks and CyberArk. BAE's new COO is expected to push into commercial cyber markets.
Police in the UK close in on the Crackas.