May 4, 2020 By David Bisson 3 min read

Last week in security news, the authors of Shade ransomware announced that they were releasing 750,000 decryption keys to help their remaining victims recover their files for free. Speaking of ransomware, a notorious malware-as-a-service (MaaS) botnet added crypto-ransomware capabilities, thereby augmenting its ability to target Android users. Several other botnets also attracted the attention of security researchers.

Top Story of the Week: The End of Shade Ransomware

In a GitHub post, the authors of Shade ransomware announced the publication of 750,000 decryption keys along with their own custom decryption software. The malicious actors noted that some victims might have trouble using these resources to recover their files for free. In response, those nefarious individuals vocalized their hope that security firms would use the published keys and software to create commercial decryption tools that would be easier to use.

This announcement marked the last stage of Shade ransomware’s retirement. After ceasing all distribution of their creation in late 2019, those responsible for the ransomware said that they had deleted all data and source codes relating to their activity.

Source: iStock

Also in Security News

  • Return of Black Rose Lucy Marked by Addition of Ransomware Features: Check Point Research discovered that the Black Rose Lucy botnet had returned from a two-year hiatus by masquerading as a video player application. The digital threat leveraged this disguise to use its new ransomware features and encrypt all files identified in the device’s directories.
  • BEC Scam Launched by Florentine Banker Steals £600K: Also from Check Point Research, a threat group known as the Florentine Banker attracted security professionals’ attention by targeting at least three large financial organizations with sophisticated business email compromise (BEC) scams. In one of these attacks, the group successfully stole £600,000.
  • New Shellbot Linux Malware Launched by Outlaw Hacking Group: Yoroi Security came across a new Linux malware called Shellbot that originated from the Outlaw hacking group. Early versions of this threat arrived with a module for conducting distributed denial-of-service (DDoS) attacks, but later versions used a Monero miner and Perl backdoor as its main elements.
  • LeetHozer Botnet Samples Share Attack Resources With Moobot: The Network Research Lab at 360 observed that the new LeetHozer botnet used the same downloader and the same unique string in its vulnerability exploitation routine as Moobot. Acknowledging those similarities, the research team posited that Moobot and LeetHozer originated from the same group of attackers.
  • Inquiry Discovered Multi-Year PhantomLance Campaign: Kaspersky launched an inquiry into a backdoor Trojan identified by another security firm back in July 2019. This effort revealed that the campaign, dubbed PhantomLance, had been active since at least 2016 and had infiltrated several app marketplaces including the Google Play store.
  • Zero-Day Flaw in Sophos Firewalls Exploited by Information Stealer: Researchers at Sophos revealed that malicious actors had exploited a zero-day flaw to achieve remote code execution on some of the security firm’s firewall products. That malicious activity enabled those actors to install the Asnarök Trojan for the purpose of stealing data from their victims.
  • High-Severity Code Injection Vulnerability Plugged in WP Plugin: In late April, Wordfence discovered a vulnerability in the Real-Time Find and Replace WordPress plugin that could enable a malicious actor to inject malicious Javascript into an exposed site by tricking the site admin. The security firm notified the plugin’s developer who responded by issuing a patch a few hours later.
  • Department of Labor’s FMLA Used as Lure to Target Users: IBM X-Force detected a phishing campaign in which digital attackers used the U.S. Department of Labor’s Family and Medical Leave Act (FMLA) to convince recipients to open an email attachment. Once opened, that file infected recipients with Trickbot.

Security Tip of the Week: Review Your Organization’s Ransomware Defenses

Security professionals can strengthen defenses against ransomware threats such as Shade by using an ongoing security awareness training program to build up a positive security culture in the workplace. This effort will cultivate employees’ familiarity with phishing campaigns and other social engineering attacks, thereby reducing the number of available distribution channels for attackers. In addition, infosec personnel should leverage the latest threat intelligence to stay on top of evolving ransomware campaigns.

More from

The rising threat of cyberattacks in the restaurant industry

2 min read - The restaurant industry has been hit with a rising number of cyberattacks in the last two years, with major fast-food chains as the primary targets. Here’s a summary of the kinds of attacks to strike this industry and what happened afterward. Data breaches have been a significant issue, with several large restaurant chains experiencing incidents that compromised the sensitive information of both employees and customers. In one notable case, a breach affected 183,000 people, exposing names, Social Security numbers, driver's…

What can businesses learn from the rise of cyber espionage?

4 min read - It’s not just government organizations that need to worry about cyber espionage campaigns — the entire business world is also a target.Multipolarity has been a defining trend in geopolitics in recent years. Rivalries between the world’s great powers continue to test the limits of globalism, resulting in growing disruption to international supply chains and economics. Global political risk has reached its highest level in decades, and even though corporate attention to geopolitics has dropped since peaking in 2022, the impact…

How I got started: AI security executive

3 min read - Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AI/ML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, who has a unique blend of technical and soft skills. Carignan was originally a dance major but was also working for NASA as a hardware IT engineer, which forged her path into AI and cybersecurity.Where did you go to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today