At a glance.
- Ryuk ransomware versus US healthcare targets.
- Online grocery breached.
- Wroba malware hits US mobile devices.
Ryuk claims another victim in its assault on US health systems.
California’s Sonoma Valley Hospital confirms the internet issues they suffered earlier this month were the result of a ransomware operation conducted by Russian threat actors, reports the Sonoma Index-Tribune. Hospital officials shut down the affected systems and notified police, but have not paid the ransom. While it is possible that some patient data has been compromised, payment information does not appear to be impacted.
The attack comes on the heels of an announcement from the US Department of Homeland Security, the Federal Bureau of Investigation, and the Department of Health and Human Services warning healthcare institutions to prepare for Ryuk ransomware attacks in the coming months, reports Healthcare Dive. After being heavily utilized in the early part of 2020, it seemed Ryuk ransomware might have lost its popularity around the same time that coronavirus took over the US. It’s now clear that Ryuk was simply lying in wait. The extremely profitable ransomware strain saw an upsurge from around five thousand incidents in Q3 2019 to over 67 million in Q3 2020 and was responsible for the massive attack on United Healthcare Systems that the CyberWire discussed earlier this month.
Online grocery based in Singapore breached.
Over a million user accounts for Lazada, the largest Singaporean online grocery store, were compromised and released for sale on the dark web, reports Bleeping Computer. The stolen data, which includes account login info and partial credit card numbers, is going for a mere fifteen hundred dollars. After Lazada became aware of the exposure during a routine monitoring of their systems, they contacted affected customers, assuring them that the database had been secured and advising them to change their login credentials. Though Lazada asserts they are being completely upfront with customers about the breach, they stated the compromised data hadn’t been updated since March of 2019, while the dump’s seller identified data that appeared to be updated as recently as this year.
Wroba malware arrives on US mobile devices.
After previously focusing on targets in the Asia-Pacific region, a mobile malware operation is attacking US devices for the first time, reports Dark Reading. The Wroba Trojan, also known as FunkyBot, targets both iOS and Android users by sending the victim a fake shipping notification, but the endgame is different for each. On Android devices, the victim is lured to a malicious website and baited into downloading a “browser update” that installs the malware. On iOS (which is incompatible with the download), targets arrive at a phishing website mimicking an Apple login page. Wroba was first discovered in 2013 posing as an unassuming app in the Google Play store, and its methods for concealing C2 server communications set it apart from other malware applications.