The continuing surge in ransomware attacks against US local governments is drawing attention to a Russian criminal gang, StateScoop reports. CrowdStrike calls the gang "Wizard Spider," best known for its operation of TrickBot. The group has a sub-gang, "Grim Spider," which has been associated with Ryuk ransomware.
The ransomware attacks continue, whether by the Spiders or others. Schools in Orange County, New York, for example, have delayed the opening of school this week as they deal with a ransomware infestation, CBS Local says. The proliferation of ransomware seems to be shaping a complicated bandit economy. Emsisoft thinks there's a good chance that extortionists' preference for payment in alt-coin has driven a rise in the value of Bitcoin.
ProPublica has argued that insurance companies themselves contribute to this section of the criminal economy by pushing clients to pay ransom, which can be cheaper for the underwriters than covering unransomed losses. As BankInfoSecurity points out, experts remain skeptical that the criminals actually look for insured targets to hit, but bandits do respond to their own market forces.
Check Point warns that Android devices are being hit by an advanced phishing technique that exploits the over-the-air provisioning that carriers use to bring new phones onboard. The weakly authenticated provisioning SMS messages are readily spoofed.
The US Attorney for the Southern District of California has filed charges against four employees of an email advertising company. KrebsOnSecurity says that the four accused, employed by Adconion Direct, allegedly hijacked IP addresses for use in email advertising campaigns.