At a glance.
- Bitbucket code repositories found distributing malware (much of it privacy-threatening information collectors).
- Sodinokibi's popularity grows in the criminal underground.
- More lawsuits filed over DCH Medical Center ransomware incident that compromised health information.
Bitbucket used to distribute information-stealing malware payloads.
Cybereason has found a malware campaign that’s been using Bitbucket repositories as its launching point. Bitbucket is a version control repository hosting service Atlassian owns. Developers working with the Mercurial or Git revision control systems use Bitbucket for source code and development projects. The researchers found seven malware strains being distributed through Bitbucket:
- Evasive Monero Miner, a quiet cryptojacker.
- IntelRapid, a cross-currency alt-coin stealer.
- Predator, which steals credentials from browsers, compromises device cameras, takes screenshots, and rifles cryptocurrency wallets.
- Azorult, an information stealer with backdoor capabilities. It’s used for spying, credential theft, and, again, cryptocurrency stealing.
- STOP Ransomware, which also comes with downloader capabilities.
- Vidar, another information-stealer.
- Amadey bot, a reconnaissance Trojan.
Atlassian closed the affected repositories within a few hours of receiving a warning from Cybereason.
Sodinokibi, a data thief as well as a ransomware strain, grows in underworld popularity.
CIO Mag has an account of the current popularity of Sodinokibi ransomware (also known as REvil) among cyber criminals. The proprietors of the malware run an affiliate program to which anyone can sign on for a share of their criminal profits (provided, of course, that they don't use Sodinokibi against victims in the former Soviet Union, the Commonwealth of Independent States). Each affiliate keeps 60% of their take, and their share rises to 70% after their first three successful extortion capers. The gang has hit upon a successful black market economic model. The threat to privacy? They've realized that they can increase their profits if they steal data at the time they encrypt it. The attackers then have additional leverage against the victims. It's not just, "pay up, or you'll never get your data back." It's now, "pay up, or not only won't you get your data back, but we'll either sell it to other criminals or publish it for the world to see."
Ransomware attack draws privacy lawsuits against hospital.
DCH Medical Center in Tuscaloosa, Alabama, is being sued by three more patients in a Federal class action suit that alleges the hospital lost their personal information in the course of an October ransomware attack, the Washington County News reports.