McAfee Labs

Spotlight on Shamoon

Our analysis this month has pointed to Shamoon emerging in the Middle East. We have recently seen a number of similarities that we had highlighted in our earlier blogs (on mcafee.com). The campaign continues to target organizations in the Middle East from a variety of verticals. Reports suggest that a further 15 disk-wiping Shamoon incidents …

Cloud Security

MongoDB Databases Hit by Wave of Data Extortion

During the past couple of weeks an attacker with the alias Harak1r1 has gone after MongoDB databases connected to the cloud. These old database instances were not protected by an administrator password, and were non-firewalled. Therefore, the attacker logged onto these databases, downloaded the content, then removed the content, and left a note demanding 0.2 …

McAfee Labs

Shamoon Rebooted in Middle East, Part 2

Last week we provided some initial analysis on recent attacks targeting organizations in the Middle East.  The attack has hallmarks of the Shamoon campaign of 2012. We now have additional data related to the components used within the new campaign, which has three distinct components: dropper, wiper, and wiper driver. The language of these three …

McAfee Labs

Shamoon Rebooted?

We have recently received notifications and samples from impacted organizations in the Middle East that have hallmarks of the Shamoon campaign from 2012. The main component of these attacks was the usage of a wiper component that, once activated, destroyed the hard disks of infected machines. The initial infection vector for the recent attacks is …

McAfee Labs

‘McAfee Labs Threats Report’ Examines Whether Ransomware Is Coming to a Hospital Near You

Delivering uninterrupted services with immediate access to information is not an easy task. Doing it with legacy systems, a fragmented workforce, and inconsistent security is a monumental job. Unfortunately, this is the state of many hospitals, leading the criminal underground to their back doors. Ransomware attackers have shifted focus, moving from consumers to organizations with …

McAfee Labs

‘Wildfire’ Ransomware Extinguished by Tool From NoMoreRansom; Unlock Files for Free

Intel Security and Kaspersky Lab, partners in the project NoMoreRansom, are pleased to announce today the availability of a decryption tool for victims of the Wildfire variant of ransomware. This tool is available following successful collaboration with the Dutch police and the European Cybercrime Centre. This strong public-private partnership has led to the seizure of …

McAfee Labs

Intel Security Teams With Industry, Law Enforcement to Thwart ‘Shade’ Ransomware

Intel Security, Europol, Kaspersky Lab, and Dutch police have taken down the Shade ransomware botnet and captured encryption keys to unlock victims’ systems. Although we talk a great deal of the value of public-private partnerships in the fight against cybercrime, few events in the cybersecurity field are more inspiring than seeing such collaboration in action and …