Around 1,800 companies are being affected by ransomware across the globe, according to a confidential report by the National Cyber Security Centre (NCSC) in the Netherlands. The report does not specify the names of the affected organizations but indicates that the targeted are the big players from different industries including chemical, health, construction, food, entertainment, and automobile. Most of these companies deal with revenue streams of millions and billions.

In the recent past, ransomware attacks have been on a rise and are being widely publicized as well, but due to the rapid increase in the number of ransomware attacks, many of these go unnoticed and hence unreported. As a result, the number of affected companies as per the NCSC report is likely conservative. Reportedly, the affected organizations are on their own as they recuperate from the attack by either being forced to pay the ransom or resorting to untainted backups to restore files.

NCSC's report enlists three file-encrypting malware pieces namely LockerGoga, MegaCortex, and Ryuk that are to be blamed for the malware penetration, these pieces of malware use a similar digital infrastructure and are "common forms of ransomware." While drawing other inferences, NCSC reckons the utilization of zero-day vulnerabilities for the infection. The dependence upon the same digital infrastructure implies that the attackers setting-up the attacks transferred the threat onto the victim's network via a single network intruder.

Professionals in intruding corporate networks tend to find allies who are involved in ransomware dealings and being experts they are always inclined to spot the best amongst all for whom they gladly pay a lump sum amount of money as salaries on a monthly basis in turn for proficient penetration testers that can potentially travel via infected networks without being detected. Here, the level of access provided determines how high the prices can go up to.

Cybercriminals are not likely to stop spreading ransomware as long as there are victims who are paying the ransom as they have no other option to fall back on, NCSC strictly recommends that organizations strengthen their security net to avoid falling prey to ransomware attacks carried out every now and then these days. 

The much-coveted and popular in news for keeping juveniles fingerprints data, the New York Police Department's fingerprint unit yet again gained much attention as it was shut down for hours because of ransomware.


The NYPD was hit by this ransom malware when they hired a third-party IT, contractor, to set up a digital display at the police academy in Queens on October 5 last year. And when he connected his tainted NUC mini-PC to the police network, the virus attached itself to the system. The virus immediately spread to 23 machines linked to the department's LiveScan fingerprint tracking system.

Deputy Commissioner for Information Technology Jessica Tisch said the officers discovered the malware within hours and contacted the cyber command and joint terrorism task force to solve the potential threat. We wanted to get to the bottom of this,' Tisch said. 'Was this plugged in maliciously was really important for us to get to the bottom of this.'

The ransomware was not executed but the fingerprints system was shut down for hours and were switched back on the next morning. Precautionary, 200 computers were reinstalled throughout the city to be safe.

The NYPD said, 0.1 percent of computers were attacked by the breach but the threat potential was large, as once inside the system, they could access case files and privileged data. The virus, ransomware locks the data, unless a 'ransom' is paid, fortunately, it could not execute the command and they shut down the system.

The IT contractor that accidentally bought the malware was questioned but not arrested.

Experts told the New York Post that breaches in public databases pose a serious security issue. Adam Scott Wandt, a professor of cybersecurity at John Jay College of Criminal Justice in Manhattan, said any breach put information at risk of being stolen. 'It's a fairly complex world that we live in,' he added. 'Everything is linked together. The government normally does a fairly good job of keeping hackers out, but every now and then there is a breach.'

Finland is adapting to protect itself from a secret criminal organization warning to attack cyber-security if the country fails to pay Bitcoins as the ransom money. 

"Around two hundred Finland government bodies and districts participated in the preparation. The situation reportedly concerns a possible group of hackers asking Bitcoin ransom before prosecuting several attacks on cybersecurity," concludes the reports of YLE. The threats are said to be given by #Tietovuoto321, a crew of criminal hackers. According to reports, the group sent Bitcoin ransom blackmails to more than 200 Finnish government agencies, in response to which the Finland authorities have taken steps.


Organizations prepared for further warnings- The training Taisto is conducted by the Population Register Centre, aiming for supporting the technologization of the nation and computerized assistance in Finland. The Population Register Centre works for the Ministry of Finance. As of now, public agencies and bodies noticed their websites and cybersecurity vulnerable to hacking recently. Therefore, a training program is said to be scheduled in the coming days. "The voluntary bodies have reacted happily," says General Secretary, Population Register Centre. He further says, "The institutions in recent times have started waking up to new attacks daily and it is becoming a matter of concern for the nation."

Cases of Ransomware threats have increased- 
The attacks demanding ransoms have multiplied in recent times. Government bodies have become a simple target for hackers all around the world. In a new report published by Hard Fork, "The American government had to pay the hackers to recover their health institutions' data servers."In a data breach incident last month in Mexico, the hackers demanded Bitcoins valued $4.9 million from a government-owned oil company named Pemex.

But it's not all sad and gloomy. In a surprising change of events recently, a user sufferer of ransomware claimed vengeance on his enemies by hacking the database that supported their virus, publishing 1000 deciphering codes for other victims to help them get their money back. In the present times, it is quite difficult to completely divert such warnings in the actual course, but the training tries to support institutions' capacities to fight an invasion.

Virtual Care Provider Inc, a Wisconsin based technology company that provides cloud data hosting, security, and access management to more than 100 nursing homes was hit by a ransomware attack carried out by Russian hackers. The involvement of Ryuk encryption prevented access to crucial medical records of the patients and administration data related to the medication. After encrypting all the data hosted by the company for its patients and clients, attackers demanded a $14 million ransom in bitcoin in turn for a digital key that would unlock access to the data. Unable to afford the ransom, the company owner said that she is fearful of the consequences of the incident which could lead to the premature death of certain patients and the shutdown of her business.

Reportedly, the ransomware was spread via a virus known as 'TrickBot', the company told that it is 'feverishly working' to regain access to crucial data. The officials estimated that about 20% of the company's servers were compromised during the attack.

In a letter addressed to the company's clients, obtained via the Milwaukee Journal Sentinel, Christianson and Koch said that VCPI is "prioritizing servers that provide Active Directory access, email, eMAR, and EHR applications. We will be communicating status updates often and transparently, and, in preparation for service restoration, recommending to you the most efficient manner for your users to regain authenticated access."

Operated by WIZARD SPIDER (eCrime group), Ryuk is a targeted, well-planned and sophisticated ransomware that has targeted large organizations, primarily those that supply services to other businesses. It is employed to target the enterprise ecosystem and has mainly focused on wire fraud in the recent past. Despite having relatively low technical abilities and being under constant development since its release in August 2018, Ryuk has successfully encrypted hundreds of systems, storage and data centers in all the companies it attacked.

VCPI chief executive and owner Karen Christianson said, “We have employees asking when we’re going to make payroll,” “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”

“We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time,” she further told. “In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have a family to go to are then done. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t.”

Cyber-Security company Nyotron has caught a new way that lets hackers modify Microsoft files in a unique style that subsisting anti-ransomware are unable to identify.

Ransomware is one of the most common cyber-security menaces. "It is said to be the top 2 widely used technique used by hackers, as in the case of hijacking 28 computers appeared," confirms Verizon's data breach inquiry report. Unfortunately, for the present time, it is proving quite hard to be identified. The ransomware can permit attackers to avoid the present computer securities by depending on a data system, which is the ‘rename’ selection in the Windows operating system. This detour can be performed in just two rows of the cipher. That is how simple it is for hackers.



What is Ransomware? 

Ransomware is a sort of harmful virus, intended to reject entrance to a network system or information. For access to the data, the malware demands a ransom to be paid. It normally grows through fraud e-mails or by hitting an affected website that is unfamiliar. Ransomware is disastrous to a person or an institution.

"The firm has obeyed declaration disciplines and urged all safety businesspeople to discuss the issue. Moreover, to examine if the system is infected or not, the company has provided users a fresh new tool," says Nir Gaist, Founder and Chief Technology Officer at Nyotron. Gaist further adds, "The unusual style of file alteration 'RIPlace' suggests that while technology might not ‘cover’ the virus, let's say, it helps adjust data on a computer stealthily. Therefore, from the warning player outlook, it is our only hope for identifying 'Ransomware.' The firm has also explained how the RIPlace technique allows ransomware to dodge the detection and infect computers despite Symantec Endpoint Protection and Windows Defender Antivirus software being installed.

"Recently, there was a vulnerability discovered in Canon cameras which allowed the hackers to perform ransomware attacks," say the experts from Check Point, a cyber-security company. The company examined if the DSLR's image transference custom could be misused to let an attacker hack the DSLR and affect it with the virus. However, the attacker, in this case, was obliged to be close to the camera to affect it. The issue sparked caution, as it could be used to exploit different kinds of devices.

Security experts are predicting an unusual rise in ransomware attacks and a strategic change in the cybercrime ecosystem which is directed to evade detection and fail the existing defense mechanisms against it. As the ransomware attacks will expand in scale with a heightened influence, few dominant players currently present are expected to disperse themselves into multiple smaller ones.

Ransomware infects the victim's computer by locking down the hard drive and encrypting the data present onto the system, then the attacker asks the victim to pay the demanded ransom in due time and if the victim fails to do so, the data is gone forever. The virus spreads across infected networks via a worm and encrypts several machines in a row. After an in-depth analysis of various 'Windows security threats' such as coin miners, file-less malware, ransomware, PUAs, banking Trojans, Global cybersecurity company, Bitdefender concluded that out of all, the threat posed by ransomware is growing rapidly. Reportedly, it has grown 74 percent, year on year. GandCrab had been one of the most prevalent and sophisticated ransomware since its arrival in 2018, it kept on strengthening its defense and upgrading its delivery methods to bypass detections. After its death, ransomware experienced its first and indeed a steep fall in the cybercrime ecosystem in terms of severity of a particular threat. However, a new birth means several new players will enter the scene and might hit the security layers even harder than GandCrab, experts have the potential candidates under the radar. One such threat is being anticipated from 'Sodinokibi (aka REvil or Sodin)'.

The upsurge in ransomware attacks in 2019 has led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to declare that it was nearing to qualify as a "large-scale cyber event." According to an August 2019 publication, ransomware "has rapidly emerged as the most visible cybersecurity risk playing out across our nation's networks."

"The fall of GandCrab, which dominated the ransomware market with a share of over 50 percent, has left a power vacuum that various spinoffs are quickly filling. This fragmentation can only mean the ransomware market will become more powerful and more resilient against combined efforts by law enforcement and the cybersecurity industry to dismantle it," the report reads.

The state of Texas got hit recently by a cyber-attack as a result of which 23 government agencies were taken down offline.

Per the DIR (Department of Information Resources) of Texas most of the aggrieved parties were small local government agencies which are unnamed so far.

The Texas state networks however are still unharmed. The State Operations center of the state has been rigorously working towards the problem.

Sources mention that all the state and federal agencies handling the case hint at the fact that the attack was coordinated by a single actor.

The attack has been categorized as a sure shot ransomware attack. Per sources in it was a stain which was identified as “Nemucod”.

The aforemetioned ransomware generally “encrypts files and then at the end adds the .JSE extension”, a researcher mentioned.

Allegedly, the US have been the target for a lot of cyber-attacks of late. With an apparent total of 53% of the entire global number, the US have been victimized the most by cyber-attacks.

A state emergency was declared on Louisiana in July this year in response to a ransomware attack on school computer systems.

The situation is very critical from the point of cyber-security as municipalities falling prey to such attacks and ransomware in particular is not a good sign at all.

Mass scale attacks and their increase in number are disconcerting on so many levels. Because threat actors willing to put so many efforts, like the researchers like to say, are numerous.

Residents of Johannesburg using pre-paid electricity meters were not able to load the electricity purchased from City Power and were also unable to purchase further electricity due to a ransomware attack which compromised City Power's database.

Earlier, City Power said while the variant of ransomware utilized to carry out the attack remains unknown, they have the encrypted network, applications, and database being restored and rebuilt by their ICT department.

Easing off the customers, Isaac Mangena, the utility's spokesperson, said, "We want to assure residents of Johannesburg that City Power systems were able to proactively intercept this and managed to deal with it quicker."

"Customers should also not panic, as none of their details were compromised," Mangena assured.

On Friday, City Power announced that their cybersecurity team identified the variant of malware which temporarily paralyzed the city's computer systems.

Reportedly, the email systems took the hardest hit by the ransomware and were taking a while to recover and be functional again.

While giving updates, Mangena said “The virus samples have been taken to the external labs for analysis and testing,”

“Our IT technicians have also recovered and, in [a] few instances, reconstructed most of the systems,, applications, and data that was threatened, using backup files.”

Victims of the cyber power attack along with the customers, have been raging since the incident happened and encrypted the computer databases, applications and network.

City Power turned to external cyber security experts who worked in association with their team to tackle the issue.

A key electricity supplier for the largest South African city, Johannesburg, experienced a massive ransomware attack which led to the shutdown of the city's computer systems on Thursday.

In a series of tweets, City Power announced that the ransomware virus encrypted all their databases, applications and networks; all of which is being reconstructed by their ICT department.

They further told that the customers may not be able to access their website and may not be able to purchase electricity units until the issue has been sorted out by their ICT department.

As the website continued to be offline, the victims resorted to social media in order to report the issues occuring with their electricity supplies.

The type of ransomware employed in the attack is still a matter of question, however, with the magnitude, the power of this cyber power attack can be gauged. Besides, restricting customers from buying pre-paid electricity, it also affected the attempts made by City Power to respond to localized blackouts.

Commenting on the matter, a spokesman for City Power said, for the people affected, "These are the people on the pre-paid system[s] and would at any given day buy electricity,"

"Those people were not able to access the system." he added.

A free scheme known as, 'The No More Ransom project' which was founded by Europol, police in the Netherlands, and McAfee is recorded to have prevented cyber-attack victims from paying heavy ransoms and assisted over 200,000 people in saving approximately $108m (£86m).

Along with advice and recommendations, the project delivers software which is configured to recover computer files that get encrypted during ransomware attacks.

With the introduction of 14 new tools in the year 2019 itself, the project having over 150 global partners can now decrypt a total of 109 variants of infection.

Referencing from the explanation given by, Steven Wilson, head of Europol's European Cybercrime Centre (EC3), “When we take a close look at ransomware, we see how easy a device can be infected in a matter of seconds. A wrong click and databases, pictures and a life of memories can disappear forever. No More Ransom brings hope to the victims, a real window of opportunity, but also delivers a clear message to the criminals: the international community stands together with a common goal, operational successes are and will continue to bring the offenders to justice.”

The project made determined and successful efforts to take down various ransomware campaigns including  GandCrab, which is amongst one of the most hostile ransomware campaigns of all time.

GandCrab continued making headlines in 2018 and in 2019, the cyber world saw an upsurge in the number of ransomware attacks targeting large organizations.

Commenting on the matter, Mr. Woser told BBC, "Projects like No More Ransom have been crucial when it comes to fighting ransomware on a global level, with pretty much all major parties cooperating on a global and daily basis, sharing intel[igence] in real-time - except for the US.

"The US should consider the success of the No More Ransom Project to be a call to action.

"Better cooperation between the private sector and law enforcement could result in fewer ransom demands being paid.

"That would make cyber-crime less profitable and, consequently, reduce the financial incentive for groups to commit cyber-crime."

Researchers at cybersecurity firm Kaspersky have uncovered new encryption ransomware named Sodin (Sodinokibi or REvil) that exploits a recently discovered Windows vulnerability to get elevated privileges in an infected system. The ransomware takes advantage of the architecture of the central processing unit (CPU) to avoid detection - functionality that is not often seen in ransomware.

"Ransomware is a very popular type of malware, yet it's not often that we see such an elaborate and sophisticated version: using the CPU architecture to fly under the radar is not a common practice for encryptors," said Fedor Sinitsyn, a security researcher at Kaspersky.

"We expect a rise in the number of attacks involving the Sodin encryptor, since the amount of resources that are required to build such malware is significant. Those who invested in the malware's development definitely expect if to pay off handsomely," Sinitsyn added.

The researchers found that most targets of Sodin ransomware were found in the Asian region: 17.6 percent of attacks have been detected in Taiwan, 9.8 percent in Hong Kong and 8.8 percent in the Republic of Korea.

However, attacks have also been observed in Europe, North America and Latin America, Kaspersky said, adding that the ransomware note left on infected PCs demands $2500 worth of Bitcoin from each victim.

The vulnerability CVE-2018-8453 that the ransomware uses was earlier found to be exploited by the FruityArmor hacking group. The vulnerability was patched on October 10, 2018, Kaspersky said.

To avoid falling victim to Sodin threats, make sure that the software used in your company is regularly updated to the most recent versions, said Kaspersky researchers.

Security products with vulnerability assessment and patch management capabilities may help to automate these processes, they added.