Cloud Security News: Week in Review is our blog series, grabbing the more interesting cloud security scoops from the web. Sit back, relax, and catch up on all you should know about this week.
Some of you may remember last week’s article about a piece of malware resurfacing after almost four years of hibernation. Well, you might get a bit of déjà vu while reading this week’s first story. In other news, are you planning to go to the Coachella music festival in California next month? It turns out the festival’s website has been breached, so read up, or pass this along to friends who bought tickets. To end on a more uplifting note, a mysterious member of the cybersecurity world has published decryption keys for the Dharma ransomware. Some faith in humanity restored, perhaps? Read on for the details.
By Danny Palmer (@dannyjpalmer)
From 2014 until the summer of 2015, a ransomware family called “TorrentLocker” (often labelled “Cryptolocker” because it imitated that family’s ransom notes) targeted Windows users through spam email campaigns. Recent research shows that TorrentLocker is back, and the new version does more damage thanks to additional malicious capabilities. As before, TorrentLocker infects victims via macros hidden in a Word document attached to a spam email. The new version can also spread to other computers through shared files, and it harvests usernames and passwords that can be used in future attacks.
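Because the delivery stage described above (a macro-bearing Word document on a spam email) is the one point where a mail gateway or triage script can intervene before any encryption happens, here is a small Python check for it. This is an added example, not code from the article or from the TorrentLocker analysis: it inspects an Office Open XML attachment (.docx/.docm/.xlsm/.pptm) for an embedded VBA project, flags legacy OLE2 binaries (.doc/.xls) for manual review because this snippet does not parse that format, and uses two constructed, minimal packages (not real documents) as sample input.

```python
import io
import zipfile

# Package paths where Office stores a VBA project (lower-cased for comparison;
# OOXML part names are case-insensitive). Word uses word/, Excel xl/, PowerPoint ppt/.
VBA_PROJECT_PATHS = {"word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin"}

# Content type that [Content_Types].xml declares for a VBA project part.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"

# Magic bytes of a legacy OLE2 compound file (.doc/.xls); not inspected here.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(data: bytes) -> str:
    """Classify attachment bytes as 'macro', 'clean', 'legacy-ole' or 'not-office'.

    'macro' means a VBA project is present, not that it is malicious; legitimate
    macro-enabled documents exist, so treat this as a triage signal.
    """
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"          # binary .doc/.xls: needs an OLE parser
    if not data.startswith(b"PK"):
        return "not-office"          # not a ZIP container, so not OOXML
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if "[Content_Types].xml" not in names:
                return "not-office"  # a ZIP, but not an Office package
            # Check 1: the VBA project part itself, wherever the app stores it.
            if any(n.lower() in VBA_PROJECT_PATHS for n in names):
                return "macro"
            # Check 2: the content-type declaration, which survives a renamed part.
            if VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                return "macro"
    except zipfile.BadZipFile:
        return "not-office"
    return "clean"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal Word package for demonstration only (not a real document)."""
    types = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
        '<Override PartName="/word/document.xml" ContentType="application/vnd.'
        'openxmlformats-officedocument.wordprocessingml.document.main+xml"/>',
    ]
    if with_macro:
        types.append('<Override PartName="/word/vbaProject.bin" '
                     'ContentType="application/vnd.ms-office.vbaProject"/>')
    types.append("</Types>")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "\n".join(types))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project (constructed).
            zf.writestr("word/vbaProject.bin", b"\x01\x00\x00\x00placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in [("macro doc", build_sample_docx(True)),
                          ("plain doc", build_sample_docx(False)),
                          ("legacy .doc", OLE2_MAGIC + b"\x00" * 16),
                          ("text file", b"hello")]:
        print(f"{label:12s} -> {classify_attachment(sample)}")
```

Run on a real mail flow, `macro` and `legacy-ole` results are the attachments to quarantine or sandbox; the check says nothing about what the macro does, and a determined sender can still use other containers (password-protected ZIPs, ISO images), so it belongs alongside, not instead of, disabling macros from the internet by policy.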
The famous Coachella Valley Music and Arts Festival (widely known simply as “Coachella”) attracts thousands of attendees every year, each of whom has to register through the festival website. According to this article, it was recently discovered that the site had been breached and registered users’ accounts compromised. Festival organizers stated that personally identifiable information (PII) such as usernames, full names, addresses, phone numbers, email addresses, and dates of birth was stolen. The silver lining? The investigation determined that “no financial information was accessed” and that “no user passwords were stolen.”
By Lucian Constantin (@lconstantin)
On Wednesday, a mysterious user going by the name “gektar” posted on a tech support forum, linking to decryption keys for all variants of the “Dharma” ransomware. Some background: Dharma has been infecting victims since last November and is a descendant of the “Crysis” ransomware. But wait, there’s more. It turns out this is the same user who provided legitimate decryption keys for Crysis back in November. The leaked keys are real this time around as well, so victims who kept copies of their encrypted files can now recover them with free decryption tools, thanks to this unknown good citizen.