Shipping company CMA CGM continues to work through the Ragnar Locker ransomware attack that hit its business systems a week ago, gCaptain reports. In severity and potential impact, Bloomberg and others are comparing the incident to Maersk's 2017 NotPetya infestation.
Kaspersky researchers report, according to WIRED, that spyware leaked from the now-defunct (and, when active, controversial) lawful-intercept vendor Hacking Team has turned up in malware run by Chinese-speaking threat actors. The malware is also unusual in that it implants itself in the target's UEFI firmware rather than on disk. A firmware-resident implant survives operating-system reinstallation and even replacement of the hard drive, and ordinary endpoint tooling never inspects the SPI flash it lives in, so it is harder to detect and eradicate than conventional malware.
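The practical check for the firmware-implant case above is to compare a dump of the SPI flash (taken with a tool such as flashrom or CHIPSEC) against a known-good image of the same platform, module by module rather than as one hash, so that a single added DXE driver stands out. The script below is an added example, not Kaspersky's or WIRED's code, and makes no claim about the real sample: it builds a small UEFI firmware volume in memory, walks the FFS file headers inside it, verifies both checksum layers, and diffs the modules it finds against a golden baseline. The GUIDs, module bodies and the "implant" driver are all constructed here; the parser is deliberately minimal (single volume, no extended header, no nested volumes or compressed sections, no erase-polarity handling).

```python
"""Enumerate the FFS files inside a UEFI firmware volume and diff them against
a golden baseline.  Added example: the image is constructed in this file, the
module GUIDs are made up, and nothing is taken from a real vendor firmware."""
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID
FFS_HEADER_LEN = 24          # sizeof(EFI_FFS_FILE_HEADER)
BLOCK_SIZE = 0x1000
FV_HEADER_LEN = 56 + 8 + 8   # fixed fields + one block-map entry + terminator
FFS_TYPE_NAMES = {0x03: "SECURITY_CORE", 0x04: "PEI_CORE", 0x05: "DXE_CORE",
                  0x06: "PEIM", 0x07: "DRIVER", 0x09: "APPLICATION", 0xF0: "FFS_PAD"}


def _sum8(data):
    return sum(data) & 0xFF


def _sum16(data):
    return sum(struct.unpack("<%dH" % (len(data) // 2), data)) & 0xFFFF


def build_ffs_file(name, ftype, body):
    """One EFI_FFS_FILE_HEADER plus body, with a valid header checksum."""
    size = FFS_HEADER_LEN + len(body)
    # The header checksum is computed with the file-checksum byte and State zeroed.
    partial = name.bytes_le + b"\x00\x00" + bytes([ftype, 0x00]) + size.to_bytes(3, "little") + b"\x00"
    hdr_sum = (-_sum8(partial)) & 0xFF
    # Attributes=0 (no FFS_ATTRIB_CHECKSUM) means the file checksum is the fixed 0xAA.
    # State 0xF8 = HEADER_CONSTRUCTION|HEADER_VALID|DATA_VALID under erase polarity 1.
    header = name.bytes_le + bytes([hdr_sum, 0xAA, ftype, 0x00]) + size.to_bytes(3, "little") + b"\xf8"
    return header + body


def build_firmware_volume(ffs_files):
    """Wrap FFS files in an EFI_FIRMWARE_VOLUME_HEADER; unused flash reads 0xFF."""
    body = b""
    for f in ffs_files:
        while (FV_HEADER_LEN + len(body)) % 8:   # FFS files are 8-byte aligned in the FV
            body += b"\xff"
        body += f
    num_blocks = -(-(FV_HEADER_LEN + len(body)) // BLOCK_SIZE)
    fv_length = num_blocks * BLOCK_SIZE
    header = (b"\x00" * 16 + FFS2_GUID.bytes_le
              + struct.pack("<Q4sIHHHBB", fv_length, FV_SIGNATURE, 0, FV_HEADER_LEN, 0, 0, 0, 2)
              + struct.pack("<IIII", num_blocks, BLOCK_SIZE, 0, 0))
    checksum = (-_sum16(header)) & 0xFFFF     # 16-bit sum over the whole header must be 0
    header = header[:50] + struct.pack("<H", checksum) + header[52:]
    return (header + body).ljust(fv_length, b"\xff")


def parse_firmware_volume(image):
    """Walk the FFS files in a firmware volume, verifying both checksum layers."""
    if image[40:44] != FV_SIGNATURE:
        raise ValueError("no _FVH signature: not a firmware volume")
    fv_length, = struct.unpack_from("<Q", image, 32)
    header_len, = struct.unpack_from("<H", image, 48)
    if _sum16(image[:header_len]) != 0:
        raise ValueError("firmware volume header checksum mismatch")
    files, off = [], header_len
    while True:
        off = (off + 7) & ~7
        hdr = image[off:off + FFS_HEADER_LEN]
        if off + FFS_HEADER_LEN > fv_length or hdr == b"\xff" * FFS_HEADER_LEN:
            break                                # end of volume or erased (free) flash
        check = bytearray(hdr)
        check[17] = check[23] = 0                # file checksum and State are excluded
        if _sum8(check) != 0:
            raise ValueError("bad FFS header checksum at 0x%x" % off)
        size = int.from_bytes(hdr[20:23], "little")
        if size < FFS_HEADER_LEN or off + size > fv_length:
            raise ValueError("FFS file at 0x%x overruns the volume" % off)
        body = image[off + FFS_HEADER_LEN:off + size]
        files.append({"guid": str(uuid.UUID(bytes_le=hdr[:16])), "offset": off,
                      "type": FFS_TYPE_NAMES.get(hdr[18], "0x%02x" % hdr[18]),
                      "size": size, "sha256": hashlib.sha256(body).hexdigest()})
        off += size
    return files


def diff_against_baseline(dump_files, baseline):
    """baseline is {guid: sha256} from a known-good image of the same platform."""
    seen = {f["guid"]: f["sha256"] for f in dump_files}
    return {"unknown": sorted(g for g in seen if g not in baseline),
            "modified": sorted(g for g in seen if g in baseline and seen[g] != baseline[g]),
            "missing": sorted(g for g in baseline if g not in seen)}


# Constructed sample (made-up GUIDs): three legitimate modules form the golden image;
# the "dump" carries a patched SMBIOS driver plus one extra DXE driver, which is the
# footprint a firmware-resident implant leaves behind.
DXE_CORE = uuid.UUID("00000000-0000-4000-8000-000000000001")
PLATFORM_DXE = uuid.UUID("00000000-0000-4000-8000-000000000002")
SMBIOS_DXE = uuid.UUID("00000000-0000-4000-8000-000000000003")
IMPLANT_DXE = uuid.UUID("00000000-0000-4000-8000-0000000000ff")
GOLDEN_IMAGE = build_firmware_volume([build_ffs_file(DXE_CORE, 0x05, b"dxe core image"),
                                      build_ffs_file(PLATFORM_DXE, 0x07, b"platform init driver"),
                                      build_ffs_file(SMBIOS_DXE, 0x07, b"smbios driver")])
DUMP_IMAGE = build_firmware_volume([build_ffs_file(DXE_CORE, 0x05, b"dxe core image"),
                                    build_ffs_file(PLATFORM_DXE, 0x07, b"platform init driver"),
                                    build_ffs_file(SMBIOS_DXE, 0x07, b"smbios driver + hook"),
                                    build_ffs_file(IMPLANT_DXE, 0x07, b"dropper stage")])


def check_dump(golden=GOLDEN_IMAGE, dump=DUMP_IMAGE):
    baseline = {f["guid"]: f["sha256"] for f in parse_firmware_volume(golden)}
    return diff_against_baseline(parse_firmware_volume(dump), baseline)


if __name__ == "__main__":
    for f in parse_firmware_volume(DUMP_IMAGE):
        print("%06x %-8s %s" % (f["offset"], f["type"], f["guid"]))
    print(check_dump())
```

On a real dump the baseline should come from the vendor's capsule for the exact board and firmware revision, and every module flagged as unknown or modified still needs its sections unpacked and inspected; the diff only tells you where to look. A clean result from this check does not rule out tampering below the firmware volume (the flash descriptor, ME region, or a bootkit that only patches the ESP), so treat it as one layer of the comparison, not the whole of it.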
KrebsOnSecurity describes, crediting researchers at Intel 471, a campaign designed to disrupt Trickbot. On September 22nd and again on October 1st, someone pushed bogus configuration files to Trickbot-infected devices, cutting the bots off from the botnet's command-and-control infrastructure. Who is responsible is unknown: a disgruntled insider, a competing criminal gang, law enforcement or intelligence agencies, or vigilantes are all possibilities. Trickbot is closely associated with the gang that runs Ryuk ransomware.
Appgate Labs has analyzed a new ransomware strain, "Egregor." The researchers think it looks like a Sekhmet spin-off, and they note that Egregor follows the now-routine trend of exfiltrating data before encrypting it: the stolen files give the operators a second point of leverage over the victim (the threat of publication) and a second way to monetize the intrusion if the ransom is not paid.
The Wall Street Journal sees the international mood shifting against Huawei as Germany moves toward restricting the Shenzhen-based company's participation in its 5G infrastructure.