The multinational energy company “Enel SpA” or “Enel Group” was hit by ransomware for the second time this year. This time the attack was carried out by the Netwalker gang, which is now demanding a $14 million ransom from the company for the decryption key and for not leaking the many terabytes of stolen data. Enel is one of the largest companies operating in the European energy sector, with over 60 million customers in 40 countries. As of August 10, it is ranked 87th in the Fortune Global 500, having recorded revenues of approximately $90 billion in 2019.
Szymekk ransomware is a threat derived from the CobraLocker ransomware family. It is a cryptovirus that, upon successful infection, encrypts the user's data (non-system files) and demands a ransom in exchange for a private decryption tool/key. After encrypting the data, most ransomware drops ransom notes as .txt files on the desktop and in the affected folders. The Szymekk virus operates differently: it locks the computer screen and displays the ransom message there. The message itself is very short. The cybercriminals merely inform the victim that their device is encrypted and provide an email address (Cobra_Locker@protonmail.com), urging the user to contact them for further details.
This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero.
In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of British Columbia (UBC) with a fake COVID-19 survey.
However, this attack and its motives differ from those previously documented. The survey is a malicious Word document whose purpose is to download ransomware and extort victims into paying to recover their encrypted files.
Upon discovery, we got in touch with UBC to report our findings. They were already aware of this phishing campaign and were kind enough to share more information with us about the incident. Ultimately, the attack was unsuccessful thanks to the rapid response of the UBC cybersecurity team.
Since June 2020, Acunetix has supported the increasingly popular API query language GraphQL. In this article, we show you step by step how to scan an API defined using GraphQL. To do this, you will first create an intentionally vulnerable API and its GraphQL definition, then scan it using Acunetix, eliminate the critical vulnerabilities that Acunetix found, and verify that they have been eliminated.
Some years ago, during the renaissance of security information and event management (SIEM), the security industry went log crazy. The hope was that by gathering logs from networking and security devices and running them through a SIEM, security events could be astutely exposed and security teams could gain the upper hand over attackers. That enthusiasm was soon dashed when it became obvious that logs alone were not the answer. In the first place, not everything was covered by logs, and the security details that were captured could easily be manipulated by an attacker covering their tracks. Second, it is one thing to aggregate logs but quite another to integrate the findings into true intelligence, particularly intelligence that can be readily distinguished from false positives.