At a glance.
- Louisiana city is hit with ransomware.
- Cape Cod transportation system suffers ransomware attack.
- Suspicious phone bill fees linked to sneaky new malware.
Louisiana city is hit with ransomware.
The AlphV ransomware gang on Thursday added the city of Alexandria, located in the US state of Louisiana, to its list of victims, and officials have confirmed that the 50,000-person city was hit with a ransomware attack. Communications Director at the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness Mike Steele told the Record by Recorded Future, “Cybersecurity resources from the state have been deployed to help out with the situation. The city and parish reached out to the state for support and that’s when our team stepped in. There is a criminal investigation at the state level as well as some federal agencies involved in a federal investigation as well.” This is not the first time Louisiana has been targeted, as in 2019 Governor John Bel Edwards was forced to activate the state’s cyber incident response plan for the first time and declare a state of emergency after several school districts and parishes were attacked. The AlphV threat group, also known as BlackCat, referenced the previous attacks in their posting on Friday, stating, “Your servers are lying down again and the network is tightly closed and unavailable. We got more than 80 GB in compressed form of important data city [sic]...Don’t make past mistakes and do the right thing. This time you won’t get away with it.” The gang also threatened local news outlet KALB, one of the first media sources to report on the attack. Emsisoft’s Brett Callow said of the unusual tactic, “I can only assume AlphV believes press attention at this point in time would lessen their chances of being paid – which may be a good reason for the press to shine a bright light on the incident.”
Cape Cod transportation system suffers ransomware attack.
Cybercriminals celebrated Memorial Day weekend by hitting the Cape Cod Regional Transit Authority (CCRTA) servers with a ransomware attack, the Cape Cod Times reports. CCRTA administrators sent staff an email on Monday notifying them that files on their servers had been encrypted. The attackers’ demands are not yet known, and state and federal law enforcement officials are currently investigating. CCRTA’s normal bus routes are operating as scheduled, but the Dial-a-Ride-Transportation bus service, which allows customers to schedule a ride one day in advance, was forced to rely on manual route mapping instead of its usual onboard digital communication system.
Suspicious phone bill fees linked to sneaky new malware.
A newly detected Android malware called SMSFactory is adding extraneous fees to victims’ phone bills by signing them up for premium services without their knowledge. Bleeping Computer reports that the devices of tens of thousands of Android users have already been hit with infection attempts over the past year, though the exact number of victims is uncertain. Distribution channels for the malware include malvertising, push notifications, promotional pop-ups, and videos advertising game hacks or access to adult content. The majority of targets are located in Russia, Brazil, Argentina, Turkey, and Ukraine, and the malware is hosted on unofficial app repositories, such as APKMods and PaidAPKFree, that lack proper security vetting. Though SMSFactory’s primary mission is to send premium texts and make calls to premium phone numbers, researchers found a malware variant that can also steal a victim’s contact list. Upon installation, Android's built-in security system Play Protect issues a warning alerting users to the potential security risk, but careless users eager to access the promised content are likely to overlook it.